exploitDog

CVE-2024-50692

Published: 24 Jan 2025
Source: nvd
CVSS3: 5.4
EPSS: Low

Description

SunGrow WiNet-SV200.001.00.P027 and earlier versions contain hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.

Vulnerable configurations

Configuration 1
cpe:2.3:o:sungrowpower:winet-s_firmware:200.001.00.p027:*:*:*:*:*:*:*
Configuration 2

Together

cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*
Versions before 200.001.00.p027 (excluding)
cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*

EPSS

Percentile: 20%
0.00063
Low

5.4 Medium

CVSS3

Weaknesses

CWE-798

Related vulnerabilities

CVSS3: 5.4
github
about 1 year ago

SunGrow WiNet-SV200.001.00.P027 and earlier versions contain hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.
