{ "dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": { "cveId": "CVE-2024-21880", "assignerOrgId": "00000000-0000-4000-9000-000000000000", "requesterUserId": "00000000-0000-4000-9000-000000000000", "serial": 1, "state": "PUBLISHED" }, "containers": { "cna": { "providerMetadata": { "orgId": "00000000-0000-4000-9000-000000000000" }, "title": "URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x", "datePublic": "2024-08-10T17:00:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-88", "descriptions": [ { "lang": "en", "value": "CAPEC-88 OS Command Injection" } ] } ], "affected": [ { "vendor": "Enphase", "product": "Envoy", "versions": [ { "status": "affected", "version": "7.x", "versionType": "semver" }, { "status": "affected", "version": "6.x", "versionType": "semver" }, { "status": "affected", "version": "5.x", "versionType": "semver" }, { "status": "affected", "version": "4.x", "versionType": "semver" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.

This issue affects Envoy: 4.x <= 7.x

" } ] } ], "references": [ { "url": "https://csirt.divd.nl/CVE-2024-21880", "tags": [ "third-party-advisory" ] }, { "url": "https://csirt.divd.nl/DIVD-2024-00011", "tags": [ "related" ] }, { "url": "https://enphase.com/cybersecurity/advisories/ensa-2024-5", "tags": [ "vendor-advisory" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV4_0": { "version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "Safety": "PRESENT", "Automatable": "YES", "Recovery": "IRRECOVERABLE", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "NOT_DEFINED", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:C/RE:H" } } ], "workarounds": [ { "lang": "en", "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network." } ] } ], "solutions": [ { "lang": "en", "value": "Devices are remotely being updated by the vendor.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Devices are remotely being updated by the vendor." } ] } ], "credits": [ { "lang": "en", "value": "Wietse Boonstra of DIVD", "type": "finder" }, { "lang": "en", "value": "Hidde Smit of DIVD", "type": "finder" }, { "lang": "en", "value": "Frank Breedijk of DIVD", "type": "analyst" }, { "lang": "en", "value": "Max van der Horst of DIVD", "type": "analyst" } ], "source": { "advisory": "DIVD-2024-00011", "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } } }