← Back

CVE-2025-36753

nvd nist
Published: Dec 13, 2025Modified: Jan 14, 2026

JSON object

Loading...
8.6
Vector
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: csirt@divd.nl (Secondary)

Description

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device

Affected (1)

Growatt
1 product
Shine Lan X Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Shine Lan X Firmware
From 3.6.0.0 to 3.6.0.2
Running on/withPlatform Versions
Growatt
Shine Lan X
All versions

Related CWEs

CWE-290
Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (1)

Source: csirt@divd.nl
Third Party Advisory

Timeline

No history available yet.