Vulnerability Details CVE-2024-21878
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.1%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-21878
-
cpe:2.3:h:enphase:iq_gateway:-
-
cpe:2.3:o:enphase:iq_gateway_firmware:4.0
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.107
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.110
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.153
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.155
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.88
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.93
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.120
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.76
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.78
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.4.28
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.4.29