Security Advisory

CVE-2024-50692

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-24 00:00:00

Last updated 2025-02-06 16:15:21

Assigner mitre

State PUBLISHED

Description

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.

← Browse all CVEs View on cve.org ↗