CVE-2024-50697

High CVSS: 8.1

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow.

Vendor

Sungrowpower

Product

Winet-s Firmware

CWE

CWE-120

Yayın Tarihi

2025-01-24 23:15:09

Güncelleme

2025-05-29 16:02:02

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-120 Winet-s Firmware HIGH Sungrowpower 2025

Referanslar

https://en.sungrowpower.com/security-notice-detail-2/5961

Benzer Kayıtlar

Medium

CVE-2024-50684

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient…

Critical

CVE-2024-50685

SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) v…

Critical

CVE-2024-50686

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) vi…

Critical

CVE-2024-50687

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) vi…

Critical

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regar…

Critical

CVE-2024-50689

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) vi…