ГлавнаяУязвимости → CVE-2024-21879
8.8высокая

CVE-2024-21879

Описание

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.

Затрагиваемое ПО
Enphase Iq gateway firmwareEnphase Iq gateway
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://csirt.divd.nl/CVE-2024-21879https://csirt.divd.nl/DIVD-2024-00011https://enphase.com/cybersecurity/advisories/ensa-2024-4