CVE-2024-50688

Published: Feb 26, 2025Modified: Apr 7, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry.

Affected (1)

Products: Sungrowpower: Isolarcloud

Sungrowpower

1 product

Isolarcloud

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sungrowpower Isolarcloud	Before 2.1.6.20241104

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (1)

https://en.sungrowpower.com/security-notice-detail-2/6122

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.