Vulnerability Details CVE-2024-21880
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.6%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2024-21880
-
cpe:2.3:h:enphase:iq_gateway:-
-
cpe:2.3:o:enphase:iq_gateway_firmware:4.0
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.107
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.110
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.153
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.155
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.88
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.0.93
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.120
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.76
-
cpe:2.3:o:enphase:iq_gateway_firmware:7.3.78