exploitDog

CVE-2024-28756

Опубликовано: 21 мар. 2024

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.

Ссылки

https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt
Exploit
Third Party Advisory
https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solaredge:mysolaredge:*:*:*:*:*:android:*:*

Версия до 2.20.1 (исключая)

EPSS

Процентиль: 19%

0.00061

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-125

Связанные уязвимости

GHSA-69g2-mv93-2xq7

CVSS3: 5.9

github

почти 2 года назад

The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.

EPSS

Процентиль: 19%

0.00061

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-125