CVE-2024-50692

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://en.sungrowpower.com/security-notice-detail-2/5961	Vendor Advisory
https://mqtt-pwn.readthedocs.io/en/latest/intro.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:o:sungrowpower:winet-s_firmware:200.001.00.p027:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*

History

29 May 2025, 16:02

Type	Values Removed	Values Added
References	~~() https://en.sungrowpower.com/security-notice-detail-2/5961 -~~	() https://en.sungrowpower.com/security-notice-detail-2/5961 - Vendor Advisory
References	~~() https://mqtt-pwn.readthedocs.io/en/latest/intro.html -~~	() https://mqtt-pwn.readthedocs.io/en/latest/intro.html - Product
CPE		cpe:2.3:o:sungrowpower:winet-s_firmware:200.001.00.p027:::::::* cpe:2.3:h:sungrowpower:winet-s:-:::::::* cpe:2.3:o:sungrowpower:winet-s_firmware::::::::
First Time		Sungrowpower Sungrowpower winet-s Firmware Sungrowpower winet-s

06 Feb 2025, 17:15

Type	Values Removed	Values Added
Summary		(es) SunGrow WiNet-SV200.001.00.P027 y versiones anteriores contienen credenciales MQTT codificadas que permiten a un atacante enviar comandos arbitrarios a un inversor arbitrario. También es posible hacerse pasar por el bróker, ya que no se utiliza TLS para identificar al bróker MQTT real. Esto significa que las comunicaciones MQTT son vulnerables a ataques MitM a nivel TCP/IP.
CWE		CWE-798
References		() https://mqtt-pwn.readthedocs.io/en/latest/intro.html -
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4

24 Jan 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-24 23:15

Updated : 2025-05-29 16:02

NVD link : CVE-2024-50692

Mitre link : CVE-2024-50692

CVE.ORG link : CVE-2024-50692

JSON object : View

Products Affected

sungrowpower

winet-s_firmware
winet-s

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2024-50692", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-01-24T23:15:08.893", "references": [{"url": "https://en.sungrowpower.com/security-notice-detail-2/5961", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://mqtt-pwn.readthedocs.io/en/latest/intro.html", "tags": ["Product"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level."}, {"lang": "es", "value": "SunGrow WiNet-SV200.001.00.P027 y versiones anteriores contienen credenciales MQTT codificadas que permiten a un atacante enviar comandos arbitrarios a un inversor arbitrario. Tambi\u00e9n es posible hacerse pasar por el br\u00f3ker, ya que no se utiliza TLS para identificar al br\u00f3ker MQTT real. Esto significa que las comunicaciones MQTT son vulnerables a ataques MitM a nivel TCP/IP."}], "lastModified": "2025-05-29T16:02:26.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sungrowpower:winet-s_firmware:200.001.00.p027:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63F88B4E-D11C-45DA-B951-A2198E22F316"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EC5C36C-0726-4C02-9C89-FC97EB06D144", "versionEndExcluding": "200.001.00.p027"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30D17448-43BC-46D6-87E8-B67F5FBBDFB5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

5.4 /10