Vulnerabilities > Enphase > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-21879 | OS Command Injection vulnerability in Enphase IQ Gateway Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | 8.8 |
| 2024-08-12 | CVE-2024-21880 | OS Command Injection vulnerability in Enphase IQ Gateway Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x | 7.2 |
| 2023-06-20 | CVE-2023-32274 | Unspecified vulnerability in Enphase Installer Toolkit 3.27.0 Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. | 7.5 |
| 2021-06-16 | CVE-2020-25754 | Use of Password Hash With Insufficient Computational Effort vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x devices. | 7.5 |
| 2021-06-16 | CVE-2020-25755 | OS Command Injection vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. | 8.8 |
| 2019-02-09 | CVE-2019-7676 | Weak Password Requirements vulnerability in Enphase Envoy A weak password vulnerability was discovered in Enphase Envoy R3.*.*. | 7.2 |