Vulnerabilities > Enphase > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-21879 | OS Command Injection vulnerability in Enphase IQ Gateway Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | 8.8 |
| 2024-08-12 | CVE-2024-21880 | OS Command Injection vulnerability in Enphase IQ Gateway Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x | 7.2 |
| 2023-06-20 | CVE-2023-32274 | Use of Hard-coded Credentials vulnerability in Enphase Installer Toolkit 3.27.0 Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. | 7.5 |
| 2021-06-16 | CVE-2020-25753 | Unspecified vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. | 7.5 |
| 2019-02-09 | CVE-2019-7678 | Path Traversal vulnerability in Enphase Envoy A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | 7.5 |