CVE-2024-50684

EPSS 0.11%
Veröffentlicht 26.02.2025 21:15:17
Zuletzt bearbeitet 07.04.2025 18:51:59
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sungrowpower ≫ Isolarcloud SwPlatformandroid Version < 2.1.6.20241104

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.296

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://en.sungrowpower.com/security-notice-detail-2/6126

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-50684

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50684

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50684

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-50684