7.4

CVE-2024-50691

EPSS 0.05%
Veröffentlicht 26.02.2025 21:15:17
Zuletzt bearbeitet 07.04.2025 18:50:56
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sungrowpower ≫ Isolarcloud SwPlatformandroid Version < 2.1.6.20241115

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.142

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://en.sungrowpower.com/security-notice-detail-2/6124

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-50691

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50691

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50691

EUVD