Vulnerabilities > Enphase > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-21877 | Path Traversal vulnerability in Enphase IQ Gateway Firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. | 6.5 |
| 2021-06-16 | CVE-2020-25752 | Use of Hard-coded Credentials vulnerability in Enphase Envoy Firmware D4.0/R3.0 An issue was discovered on Enphase Envoy R3.x and D4.x devices. | 5.3 |
| 2019-02-09 | CVE-2019-7677 | Cross-site Scripting vulnerability in Enphase Envoy XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | 6.1 |