2 matches found
CVE-2024-21879 URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway formerly known as Envoy allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and 8.2.4225...
CVE-2024-21880
The CVE-2024-21880 issue affects Enphase IQ Gateway (4.x–7.x). It is an OS command injection via the url parameter of an authenticated endpoint, caused by improper neutralization of special elements. The connected PT security entry (PT-2024-19111) provides remediation guidance: update Enphase IQ ...