CVE-2024-50687

Critical CVSS: 9.1

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model.

Vendor

Product

CWE

Yayın Tarihi

2025-02-26 21:15:17

Güncelleme

2025-04-07 18:51:45

Source Identifier

cve@mitre.org

KEV Date Added

CWE-639 Isolarcloud CRITICAL Sungrowpower 2025

https://en.sungrowpower.com/security-notice-detail-2/6114

Medium

CVE-2024-50684

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient…

Critical

CVE-2024-50685

SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) v…

Critical

CVE-2024-50686

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) vi…

Critical

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regar…

Critical

CVE-2024-50689

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) vi…

High

CVE-2024-50691

SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app expli…