Lucene search
+L

4 matches found

NVD
NVD
added 2024/08/12 1:38 p.m.23 views

CVE-2024-21880

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway formerly known as Enphase allows OS Command Injection.This issue affects Envoy: 4.x = 7.x...

8.6CVSS0.02334EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/10 5:44 p.m.19 views

CVE-2024-21880 URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway formerly known as Enphase allows OS Command Injection.This issue affects Envoy: 4.x = 7.x...

8.6CVSS6.9AI score0.02334EPSS
Exploits0References3
CVE
CVE
added 2024/08/10 5:44 p.m.70 views

CVE-2024-21880

The CVE-2024-21880 issue affects Enphase IQ Gateway (4.x–7.x). It is an OS command injection via the url parameter of an authenticated endpoint, caused by improper neutralization of special elements. The connected PT security entry (PT-2024-19111) provides remediation guidance: update Enphase IQ ...

8.6CVSS6.6AI score0.02334EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/08/10 5:44 p.m.27 views

CVE-2024-21880 URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway formerly known as Enphase allows OS Command Injection.This issue affects Envoy: 4.x = 7.x...

8.6CVSS0.02334EPSS
Exploits0References3
Rows per page
Query Builder