Vulnerability Details CVE-2024-21879
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.036
EPSS Ranking 87.2%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-21879
-
cpe:2.3:h:enphase:iq_gateway:-
-
cpe:2.3:o:enphase:iq_gateway_firmware:4.0
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.107
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.110
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.153
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.155
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.88
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.93
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.120
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.76
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.78
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.4.28
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.4.29