ţţ�淨�r��

Advisory ID:
ENSA-2023-2

CVSSv3:
6.3

Issue date:
2023-07-07

Updated on:
2023-07-07 (initial advisory)

CVE(s):
CVE-2023-33869

Synopsis:
ţţ�淨�r�� IQ Gateway 7.3.130/7.6.175 addresses opportunity for command injection in IQ Gateway 7.0.88

1. Impacted product

ţţ�淨�r�� IQ Gateway 7.0.88

2. Introduction

CISA published an advisory identifying an opportunity for command injection in IQ Gateway 7.0.88. An update is available to address this issue.

3. Summary

Description:
ţţ�淨�r�� IQ Gateway 7.0.88 contains an opportunity for command injection that may allow an attacker to execute root commands on the host OS. CISA has evaluated the severity of this issue to be medium with a CVSSv3 base score of 6.3.

Known attack vectors:
A malicious actor may be able to perform a command injection and execute root commands on the host OS.

Resolution:
Upgrading the ţţ�淨�r�� IQ Gateway embedded software to 7.3.130/7.6.175 or newer.

Workarounds:
None.

Additional documentation:
None.

Acknowledgments:
ţţ�淨�r�� would like to thank the anonymous researcher “OBSWCY3F” for reporting this issue.

Notes:
None.

4. References

ţţ�淨�r�� IQ Gateway 7.3.130/7.6.175 release notes

5. Change log

2023-07-07 ENSA-2023-2: Initial security advisory.

6. Contact and information

cybersecurity@enphase.com
ţţ�淨�r�� security advisories
ţţ�淨�r�� vulnerability reporting
ţţ�淨�r�� documentation center