CVE-2024-21878
Improper Neutralization of Special Elements used in a Command ('Command
Description
Description
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| enphase | iq_gateway_firmware | From 4.0 (inc) to 8.2.4225 (exc) |
| enphase | iq_gateway | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2024-08-12
CVE Last Modified Date:
2024-08-23
Report Generation Date:
2025-06-02
EPSS Last Evaluated Date:
2025-03-31
NVD Report Link: