Skip to the content.

CVE-2024-21876

Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225

CVE CVE-2024-21876
Title Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225
Case DIVD-2024-00011
Credits
Affected products
Product Affected Unaffected Unknown
Enphase IQ Gateway >= 8.0 to < 8.2.4225 (semver)
= 7.x (semver)
= 6.x (semver)
= 5.x (semver)
= 4.x (semver)
everything else
CVSS Scenario 1 : GENERAL
Base score 9.3 - CRITICAL
Attack Vector NETWORK
Attack Complexity> LOW
Attack Requirements NONE
Privileges Required NONE
Confidentiality Impact
Vulnerable system HIGH Subsequent systems NONE
Integrity Impact
Vulnerable system HIGH Subsequent systems NONE
Availability Impact
Vulnerable system NONE Subsequent systems NONE
Safety impact NEGLIGIBLE
Automatable YES
Recovery NOT_DEFINED
Value Density DIFFUSE
Vulnerability Response effort HIGH
Provider Urgency NOT_DEFINED

Scenario 2 : Chain of CVE-2024-21876, CVE-2024-21877 and CVE-2024-21878
Base score 9.2 - CRITICAL
Attack Vector NETWORK
Attack Complexity> HIGH
Attack Requirements NONE
Privileges Required NONE
Confidentiality Impact
Vulnerable system HIGH Subsequent systems LOW
Integrity Impact
Vulnerable system HIGH Subsequent systems LOW
Availability Impact
Vulnerable system HIGH Subsequent systems LOW
Safety impact PRESENT
Automatable YES
Recovery IRRECOVERABLE
Value Density CONCENTRATED
Vulnerability Response effort HIGH
Provider Urgency NOT_DEFINED
References
Problem type(s) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Impact(s) CAPEC-165 File Manipulation
Date published 10 Aug 2024 17:00 UTC
Last modified

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.

This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.

Workaround(s)

It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.

Solution(s)

Devices are remotely being updated by the vendor.


JSON version.