CVE-2025-36747

EPSS 0.29%
Veröffentlicht 13.12.2025 08:16:25
Zuletzt bearbeitet 14.01.2026 18:05:23
Quelle csirt@divd.nl
CVE-Watchlists
Login
Unerledigt
Login

Hardcoded FTP Credentials within the firmware

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmware signature verification is not enforced.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Growatt ≫ Shine Lan-x Firmware Version >= 3.6.0.0 < 3.6.0.2

Growatt ≫ Shine Lan-x Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.2

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
csirt@divd.nl	9.4	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://csirt.divd.nl/CVE-2025-36747/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-36747

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-36747

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-36747

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-36747