Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
Metrics
Affected Vendors & Products
References
History
Fri, 23 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Enphase iq Gateway
Enphase iq Gateway Firmware |
|
CPEs | cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:* cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Enphase iq Gateway
Enphase iq Gateway Firmware |
|
Metrics |
cvssV3_1
|
Mon, 12 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Enphase
Enphase envoy |
|
CPEs | cpe:2.3:h:enphase:envoy:-:*:*:*:*:*:*:* | |
Vendors & Products |
Enphase
Enphase envoy |
|
Metrics |
ssvc
|
Sat, 10 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225. | |
Title | Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225 | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: DIVD
Published: 2024-08-10T17:44:49.284Z
Updated: 2024-08-12T12:54:56.952Z
Reserved: 2024-01-02T18:30:11.174Z
Link: CVE-2024-21877
Vulnrichment
Updated: 2024-08-12T12:52:47.607Z
NVD
Status : Analyzed
Published: 2024-08-12T13:38:14.980
Modified: 2024-08-23T18:06:45.520
Link: CVE-2024-21877
Redhat
No data.