5.4

CVE-2024-50692

EPSS 0.16%
Veröffentlicht 24.01.2025 23:15:08
Zuletzt bearbeitet 29.05.2025 16:02:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sungrowpower ≫ Winet-s Firmware Version200.001.00.p027

Sungrowpower ≫ Winet-s Firmware Version < 200.001.00.p027

Sungrowpower ≫ Winet-s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.36

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://en.sungrowpower.com/security-notice-detail-2/5961

Vendor Advisory

https://mqtt-pwn.readthedocs.io/en/latest/intro.html

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-50692

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50692

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50692

EUVD