CVE-2024-21877

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:enphase:iq_gateway_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:enphase:iq_gateway:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-12 13:38

Updated : 2024-08-23 18:06


NVD link : CVE-2024-21877

Mitre link : CVE-2024-21877

CVE.ORG link : CVE-2024-21877


JSON object : View

Products Affected

enphase

  • iq_gateway_firmware
  • iq_gateway
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')