CVE-2024-21880

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 12, 2024

Updated: Aug 23, 2024

CWE ID 78

CWE ID 77

Summary

CVE-2024-21880 is a critical Command Injection vulnerability affecting Enphase IQ Gateway, formerly known as Enphase. The flaw is located in an authenticated endpoint, specifically the url parameter. An attacker can exploit this vulnerability by improperly neutralizing special elements, leading to OS Command Injection. This issue poses a significant risk, particularly for Envoy versions 4.x to 7.x. Successful exploitation could result in unauthorized system access and potential data breaches. Users are strongly urged to apply patches and update their systems to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uAHhus
https://www.cve.org/CVERecord?id=CVE-2024-21880
https://nvd.nist.gov/vuln/detail/CVE-2024-21880

Back to Vulnerability Database

CVE-2024-21880

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations