Cybersecurity advisories published by Enphase are listed below:
- ENSA-2024-6: Upload of Encrypted Packages Allows Authenticated Command Execution in Enphase IQ Gateway (IQ Gateway 4.x.x and 5.x.x)
- ENSA-2024-5: URL Parameter Manipulations Allows An Authenticated Attacker To Execute Arbitrary OS Commands In Enphase IQ Gateway (IQ Gateway 7.x.x)
- ENSA-2024-4: URL Parameter Manipulations Allow An Authenticated Attacker To Execute (IQ Gateway 4.x through 8.2.4224)
- ENSA-2024-3: Command Injection Through Unsafe File Name Evaluation In Internal Script (IQ Gateway 4.x through 8.2.4224)
- ENSA-2024-2: Insecure Cache File Generation Based on User Input (IQ Gateway 4.x through 8.2.4224)
- ENSA-2024-1: Unauthenticated Path Traversal Via URL Parameter (IQ Gateway 4.x through 8.2.4224)
- ENSA-2023-2: OS Command Injection in Enphase IQ Gateway (Envoy) 7.0.88
- ENSA-2023-1: Hard-coded credentials in Enphase Installer App (ITK) 3.27.0