CVE-2024-21876

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Aug 12, 2024

Updated: Aug 23, 2024

CWE ID 22

Summary

CVE-2024-21876 is a newly disclosed path traversal vulnerability that affects Enphase IQ Gateway, formerly known as Envoy, from versions 4.x to 8.x and older than 8.2.4225. An unauthenticated attacker can exploit this issue by providing a malicious URL parameter, potentially allowing them to access or create arbitrary files on the affected system. This vulnerability poses a significant risk, as it can lead to data breaches or system compromise. It is recommended that users upgrade to a patched version of the Enphase IQ Gateway software as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uAIR9t
https://www.cve.org/CVERecord?id=CVE-2024-21876
https://nvd.nist.gov/vuln/detail/CVE-2024-21876

Back to Vulnerability Database

CVE-2024-21876

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations