CVE Tools

enphase

ICS / OT / IoTUScommercial

13

Cumulative CVEs

3

Monthly snapshots

#94

Peak rank

Top products

iq gateway firmware5 envoy5 iq gateway1

Latest CVEs

The 14 most recently published vulnerabilities affecting enphase.

CVE-2024-21876Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.42259.1Aug 10, 2024
CVE-2024-21879URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.42258.8Aug 10, 2024
CVE-2024-21877Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.42256.5Aug 10, 2024
CVE-2024-21880URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x7.2Aug 10, 2024
CVE-2024-21878Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x9.8Aug 10, 2024
CVE-2023-33869Enphase Envoy OS Command Injection6.3Jun 20, 2023
CVE-2023-32274Enphase Installer Toolkit Android App Use of Hard-coded Credentials8.6Jun 20, 2023
CVE-2020-25755An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary com...8.8Jun 16, 2021
CVE-2020-25754An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password de...7.5Jun 16, 2021
CVE-2020-25753An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by a...9.8Jun 16, 2021
CVE-2020-25752An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded ...5.3Jun 16, 2021
CVE-2019-7678A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.9.8Feb 9, 2019
CVE-2019-7677XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.6.1Feb 9, 2019
CVE-2019-7676A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.7.2Feb 9, 2019