exploitDog

CVE-2024-50691

Опубликовано: 26 фев. 2025

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app.

Ссылки

https://en.sungrowpower.com/security-notice-detail-2/6124
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sungrowpower:isolarcloud:*:*:*:*:*:android:*:*

Версия до 2.1.6.20241115 (исключая)

EPSS

Процентиль: 14%

0.00046

Низкий

7.4 High

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-f9j6-qh7x-56fv

CVSS3: 7.4

github

12 месяцев назад

SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app.

EPSS

Процентиль: 14%

0.00046

Низкий

7.4 High

CVSS3

Дефекты

CWE-295