CVE-2024-50692

Published: Jan 24, 2025

Modified: Feb 6, 2025

PUBLISHED

Description

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://en.sungrowpower.com/security-notice-detail-2/5961

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-50692

Description

Affected Products

References