ГлавнаяУязвимости → CVE-2024-21880
7.2высокая

CVE-2024-21880

Описание

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x

Затрагиваемое ПО
Enphase Iq gateway firmwareEnphase Iq gateway
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://csirt.divd.nl/CVE-2024-21880https://csirt.divd.nl/DIVD-2024-00011https://enphase.com/cybersecurity/advisories/ensa-2024-5