Back to search
CVE-2025-36752
Published: Dec 13, 2025
Modified: Jan 7, 2026
PUBLISHED
Description
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
| Vendor | Product | Versions |
|---|---|---|
Growatt | ShineLan-X | affected 3.6.0.0 - <= 3.6.0.2 |
Weaknesses (CWE)
References
https://csirt.divd.nl/CVE-2025-36752/
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now