CVE-2024-21876
Improper Limitation of a Pathname to a Restricted Directory ('Path
Description
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| enphase | iq_gateway_firmware | From 4.0 (inc) to 8.2.4225 (exc) |
| enphase | iq_gateway | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2024-08-12
CVE Last Modified Date:
2024-08-23
Report Generation Date:
2025-06-02
EPSS Last Evaluated Date:
2025-03-31
NVD Report Link: