exploitDog

CVE-2024-50688

Опубликовано: 26 фев. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry.

Ссылки

https://en.sungrowpower.com/security-notice-detail-2/6122
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sungrowpower:isolarcloud:*:*:*:*:*:android:*:*

Версия до 2.1.6.20241104 (исключая)

EPSS

Процентиль: 37%

0.00156

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-798

Связанные уязвимости

GHSA-qx2g-8xw4-6pqp

CVSS3: 9.8

github

12 месяцев назад

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry.

EPSS

Процентиль: 37%

0.00156

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-798