Vulnerabilities in Enphase
8 resultsCVE-2024-21879HIGHURL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225EPSS 2.5%CVE-2024-21880HIGHURL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.xEPSS 2.3%CVE-2024-21878HIGHCommand Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.xEPSS 1.4%CVE-2023-33869MEDIUMEnphase Envoy OS Command InjectionEPSS 1.1%CVE-2024-21876CRITICALUnauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225EPSS 0.8%CVE-2024-21877HIGHInsecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225EPSS 0.8%CVE-2023-32274HIGHEnphase Installer Toolkit Android App Use of Hard-coded CredentialsEPSS 0.6%CVE-2024-21881HIGHUpload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.xEPSS 0.3%