CVE-2024-21877

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:*

History

23 Aug 2024, 18:06

Type Values Removed Values Added
CPE cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:*
cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:*
First Time Enphase
Enphase iq Gateway
Enphase iq Gateway Firmware
Summary
  • (es) La limitación inadecuada de una vulnerabilidad de nombre de ruta a un directorio restringido ("Path Traversal") a través de un parámetro de URL en Enphase IQ Gateway (anteriormente conocido como Envoy) permite la manipulación de archivos. El punto final requiere autenticación. Este problema afecta a Envoy: de 4.x a 8.0 y &lt;8.2.4225.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References () https://csirt.divd.nl/CVE-2024-21877 - () https://csirt.divd.nl/CVE-2024-21877 - Third Party Advisory
References () https://csirt.divd.nl/DIVD-2024-00011 - () https://csirt.divd.nl/DIVD-2024-00011 - Third Party Advisory
References () https://enphase.com/cybersecurity/advisories/ensa-2024-2 - () https://enphase.com/cybersecurity/advisories/ensa-2024-2 - Vendor Advisory

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-23 18:06


NVD link : CVE-2024-21877

Mitre link : CVE-2024-21877

CVE.ORG link : CVE-2024-21877


JSON object : View

Products Affected

enphase

  • iq_gateway_firmware
  • iq_gateway
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')