Vulnerabilities > Enphase > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-21876 | Path Traversal vulnerability in Enphase IQ Gateway Firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | 9.1 |
| 2024-08-12 | CVE-2024-21878 | OS Command Injection vulnerability in Enphase IQ Gateway Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. | 9.8 |
| 2023-06-20 | CVE-2023-33869 | OS Command Injection vulnerability in Enphase Envoy Firmware D7.0.88 Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. | 9.8 |
| 2021-06-16 | CVE-2020-25753 | Unspecified vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. | 9.8 |
| 2019-02-09 | CVE-2019-7678 | Path Traversal vulnerability in Enphase Envoy A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | 9.8 |