Back to search
CVE-2025-36747
Published: Dec 13, 2025
Modified: Dec 16, 2025
PUBLISHED
Description
ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmware signature verification is not enforced.
| Vendor | Product | Versions |
|---|---|---|
Growatt | ShineLan-X | affected 3.6.0.0 - <= 3.6.0.2 |
Weaknesses (CWE)
References
https://csirt.divd.nl/CVE-2025-36747/
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now