Description
SunGrow WiNet-S V200.001.00.P025 and earlier versions are missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on an attacker-controlled server.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 200.001.00.P025
In combination with
cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*
EPSS
Percentile: 19%
0.0006
Low
7.5 High
CVSS3
Weaknesses
CWE-494
Related vulnerabilities
CVSS3: 7.5
github
12 months ago
SunGrow WiNet-S V200.001.00.P025 and earlier versions are missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on an attacker-controlled server.