CVE-2024-50688
CRITICALSunGrow iSolarCloud < 2.1.6.20241104 - Use of Hard-coded Credentials
Title source: llmDescription
SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry.
References (1)
Core 1
Core References
Vendor Advisory
https://en.sungrowpower.com/security-notice-detail-2/6122
Scores
CVSS v3
9.8
EPSS
0.0047
EPSS Percentile
37.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (1)
sungrowpower/isolarcloud
< 2.1.6.20241104
Published
Feb 26, 2025
Tracked Since
Feb 18, 2026