CVE-2024-21876
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-21876 is a newly disclosed path traversal vulnerability that affects Enphase IQ Gateway, formerly known as Envoy, from versions 4.x to 8.x and older than 8.2.4225. An unauthenticated attacker can exploit this issue by providing a malicious URL parameter, potentially allowing them to access or create arbitrary files on the affected system. This vulnerability poses a significant risk, as it can lead to data breaches or system compromise. It is recommended that users upgrade to a patched version of the Enphase IQ Gateway software as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.