CVE-2025-27927

Medium CVSS: 6.9

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API.

Vendor

Product

CWE

Yayın Tarihi

2025-04-15 22:15:25

Güncelleme

2025-11-14 18:12:46

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

CWE-639 Cloud Portal MEDIUM Growatt 2025

https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04

High

CVE-2025-36750

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be di…

Critical

CVE-2025-36752

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows si…

High

CVE-2025-36753

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to…

Critical

CVE-2025-36747

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish…

High

CVE-2025-36748

ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScr…

Medium

CVE-2025-31147

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.