CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Growatt 1Shine Lan X Firmware Jan 14, 2026 Dec 13, 2025 8.6 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device |
1Growatt 1Shine Lan X Firmware Jan 14, 2026 Dec 13, 2025 9.4 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. Th...Show more |
1Growatt 1Shine Lan X Firmware Jan 14, 2026 Dec 13, 2025 8.5 HIGH· v4 5.4 MEDIUM· v3 N/A· v2 ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitima...Show more |
1Growatt 1Shine Lan X Firmware Jan 14, 2026 Dec 13, 2025 8.4 HIGH· v4 5.4 MEDIUM· v3 N/A· v2 ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attac...Show more |
1Growatt 1Shine Lan X Firmware Jan 14, 2026 Dec 13, 2025 9.4 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files b...Show more |