Vulnerabilities > Enphase > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-21877 | Path Traversal vulnerability in Enphase IQ Gateway Firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. | 6.5 |
| 2021-06-16 | CVE-2020-25752 | Use of Hard-coded Credentials vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x devices. | 5.0 |
| 2021-06-16 | CVE-2020-25754 | Use of Password Hash With Insufficient Computational Effort vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x devices. | 5.0 |
| 2021-06-16 | CVE-2020-25755 | OS Command Injection vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. | 6.5 |
| 2019-02-09 | CVE-2019-7677 | Cross-site Scripting vulnerability in Enphase Envoy XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | 4.3 |
| 2019-02-09 | CVE-2019-7676 | Weak Password Requirements vulnerability in Enphase Envoy A weak password vulnerability was discovered in Enphase Envoy R3.*.*. | 6.5 |