CVE-2024-50692

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://en.sungrowpower.com/security-notice-detail-2/5961	Vendor Advisory
https://mqtt-pwn.readthedocs.io/en/latest/intro.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:o:sungrowpower:winet-s_firmware:200.001.00.p027:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-24 23:15

Updated : 2025-05-29 16:02

NVD link : CVE-2024-50692

Mitre link : CVE-2024-50692

CVE.ORG link : CVE-2024-50692

JSON object : View

Products Affected

sungrowpower

winet-s_firmware
winet-s

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2024-50692", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-01-24T23:15:08.893", "references": [{"url": "https://en.sungrowpower.com/security-notice-detail-2/5961", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://mqtt-pwn.readthedocs.io/en/latest/intro.html", "tags": ["Product"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level."}, {"lang": "es", "value": "SunGrow WiNet-SV200.001.00.P027 y versiones anteriores contienen credenciales MQTT codificadas que permiten a un atacante enviar comandos arbitrarios a un inversor arbitrario. Tambi\u00e9n es posible hacerse pasar por el br\u00f3ker, ya que no se utiliza TLS para identificar al br\u00f3ker MQTT real. Esto significa que las comunicaciones MQTT son vulnerables a ataques MitM a nivel TCP/IP."}], "lastModified": "2025-05-29T16:02:26.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sungrowpower:winet-s_firmware:200.001.00.p027:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63F88B4E-D11C-45DA-B951-A2198E22F316"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EC5C36C-0726-4C02-9C89-FC97EB06D144", "versionEndExcluding": "200.001.00.p027"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30D17448-43BC-46D6-87E8-B67F5FBBDFB5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}