Vulnerability in Enphase Envoy
CVE-2024-21881
Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x
EPSS: 0.003 (20.4th percentile) — read the EPSS interpretation.
Affected products
- Enphase Envoy — versions 5.x, 4.x
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)
- csirt@divd.nl (related)
- csirt@divd.nl (vendor-advisory)