CVE-2024-50694

Published: Jan 24, 2025Modified: May 29, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow.

Affected (1)

Products: Sungrowpower: Winet S Firmware

1 product

Winet S Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sungrowpower Winet S Firmware	Before 200.001.00.p027

Running on/with	Platform Versions
Sungrowpower Winet S	All versions

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (1)

https://en.sungrowpower.com/security-notice-detail-2/5961

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.