ENSA-2023-2 | ţţ�淨�r��

ţţ�淨�r��

Cybersecurity

ENSA-2023-2: OS Command Injection in ţţ�淨�r�� IQ Gateway (Envoy) 7.0.88

Advisory ID:
ENSA-2023-2

CVSSv3:
6.3

Issue date:
2023-07-07

Updated on:
2023-07-07 (initial advisory)

CVE(s):
CVE-2023-33869

Synopsis:
ţţ�淨�r�� IQ Gateway 7.3.130/7.6.175 addresses opportunity for command injection in IQ Gateway 7.0.88

1. Impacted product

ţţ�淨�r�� IQ Gateway 7.0.88

2. Introduction

CISA published an advisory identifying an opportunity for command injection in IQ Gateway 7.0.88. An update is available to address this issue.

3. Summary

Description:
ţţ�淨�r�� IQ Gateway 7.0.88 contains an opportunity for command injection that may allow an attacker to execute root commands on the host OS. CISA has evaluated the severity of this issue to be medium with a CVSSv3 base score of 6.3.

Known attack vectors:
A malicious actor may be able to perform a command injection and execute root commands on the host OS.

Resolution:
Upgrading the ţţ�淨�r�� IQ Gateway embedded software to 7.3.130/7.6.175 or newer.

Workarounds:
None.

Additional documentation:
None.

Acknowledgments:
ţţ�淨�r�� would like to thank the anonymous researcher “OBSWCY3F” for reporting this issue.

Notes:
None.

4. References

ţţ�淨�r�� IQ Gateway 7.3.130/7.6.175 release notes

5. Change log

2023-07-07 ENSA-2023-2: Initial security advisory.

6. Contact and information

cybersecurity@enphase.com
ţţ�淨�r�� security advisories
ţţ�淨�r�� vulnerability reporting
ţţ�淨�r�� documentation center

Questions? Contact us. We’ll help you build your system, today.

Services and Frequently bought products

Installation at-home consultation

Need help with installation? Start by booking an At-home Consultation with an independent installation professional to receive a quote for your custom installation.

Confirm your installation zip code:

Please confirm your installation zip code

Confirm

Great news: ţţ�淨�r��’s at-home EV charger installation services are available in your area.

Unfortunately, ţţ�淨�r��'s at-home EV charger installation services are not yet available in your area. You can click here to browse electricians with EV charger expertise.

Installation at-home consultation successfully added to cart

Are you shipping to your installation address?

Enter your installation address:

I have read ţţ�淨�r��'s Privacy policy and I have read and agree to ţţ�淨�r��'s terms and conditions.
I understand that this service is fulfilled by an independent professional utilizing the ţţ�淨�r�� O&M Marketplace’s 365 Pronto platform. I confirm that I have reviewed and accept the 365 Pronto Customer Platform Services Agreement.

The zip code entered above does not match the entered address.

Price : $

Add

The At-home Consultation helps determine the full cost to install your new EV charger. The $150 fee is subtracted from your final installation price if you choose to accept the quote. After check out, ţţ�淨�r�� will send you an email from its 365 Pronto Platform describing next steps.

Know more

What is included in this price?

The At-home Consultation includes a report detailing your EV readiness, and a custom, no-obligation quote for your EV charger installation. This $150 fee is subtracted from your final installation price if you choose to accept the quote.

What are the next steps?

After you check out, ţţ�淨�r�� will send you a confirmation email from the 365 Pronto Platform, and your installation professional will directly contact you to schedule a time for your At-home Consultation.

What is the 365 Pronto Platform?

ţţ�淨�r��'s 365 Pronto Platform is software that dispatches independent professionals to perform renewable energy services, including EV charger installations.

How will I be charged for these services?

The charge for your At-home Consultation will be processed through ţţ�淨�r��'s Store. If you choose to accept your installation quote, you will pay for the installation separately via the 365 Pronto Platform.

Show less