CVE-2024-50696

Published: Feb 26, 2025

Modified: Mar 4, 2025

PUBLISHED

Description

SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://en.sungrowpower.com/security-notice-detail-2/6140

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-50696

Description

Affected Products

References