exploitDog

CVE-2024-21878

Опубликовано: 12 авг. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.

Ссылки

https://csirt.divd.nl/CVE-2024-21878
Third Party Advisory
https://csirt.divd.nl/DIVD-2024-00011
Third Party Advisory
https://enphase.com/cybersecurity/advisories/ensa-2024-3
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 8.2.4225 (исключая)

cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00341

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-78

Связанные уязвимости

GHSA-hch6-3cq4-hjhm

CVSS3: 9.8

github

больше 1 года назад

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.

EPSS

Процентиль: 56%

0.00341

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-78