Cloud Portal

cloud_portal

Vendor: Growatt • 30 CVEs

CVEs (30)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-31950 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can obtain EV charger energy consumption information of other users.
CVE-2025-31945 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can obtain other users' charger information.
CVE-2025-31654 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").
CVE-2025-31360 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
CVE-2025-31147 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.
CVE-2025-30512 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 6.5 MEDIUM· v3 N/A· v2 Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off).
CVE-2025-30510 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 An attacker can upload an arbitrary file instead of a plant image.
CVE-2025-30257 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.
CVE-2025-27929 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts.
CVE-2025-27927 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API.
CVE-2025-27719 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can query an API endpoint and get device details.
CVE-2025-27575 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.
CVE-2025-27565 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.
CVE-2025-27561 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can rename "rooms" of arbitrary users.
CVE-2025-26857 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
CVE-2025-25276 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 6.5 MEDIUM· v3 N/A· v2 An unauthenticated attacker can hijack other users' devices and potentially control them.
CVE-2025-24850 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An attacker can export other users' plant information.
CVE-2025-24315 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).
CVE-2025-24297 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal.
CVE-2025-31949 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An authenticated attacker can obtain any plant name by knowing the plant ID.

12 Next