CVE-2024-50684

{"id": "CVE-2024-50684", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.2}]}, "published": "2025-02-26T21:15:17.267", "references": [{"url": "https://en.sungrowpower.com/security-notice-detail-2/6126", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud."}, {"lang": "es", "value": "La aplicaci\u00f3n para Android SunGrow iSolarCloud V2.1.6.20241017 y versiones anteriores utilizan una clave AES insegura para cifrar los datos del cliente (entrop\u00eda insuficiente). Esto puede permitir a los atacantes descifrar las comunicaciones interceptadas entre la aplicaci\u00f3n m\u00f3vil y iSolarCloud."}], "lastModified": "2025-04-07T18:51:59.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sungrowpower:isolarcloud:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "1D09E105-D83E-48AC-800E-E7329EE4C99F", "versionEndExcluding": "2.1.6.20241104"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}