Details of VAR-202501-2580

ID

VAR-202501-2580

CVE

CVE-2024-50692

TITLE

SunGrow WiNet-S Trust Management Issue Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-03257

DESCRIPTION

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level. SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company

Trust: 1.44

sources: NVD: CVE-2024-50692 // CNVD: CNVD-2025-03257

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-03257

AFFECTED PRODUCTS

vendor:

sungrow

model:

winet-s <=v200.001.00.p027

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-03257

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-50692
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-03257
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-03257
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-50692
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-03257 // NVD: CVE-2024-50692

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.0

sources: NVD: CVE-2024-50692

PATCH

title:

Patch for SunGrow WiNet-S Trust Management Issue Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/656736

Trust: 0.6

sources: CNVD: CNVD-2025-03257

EXTERNAL IDS

db:	NVD	id:	CVE-2024-50692	Trust: 1.6
db:	CNVD	id:	CNVD-2025-03257	Trust: 0.6

sources: CNVD: CNVD-2025-03257 // NVD: CVE-2024-50692

REFERENCES

url:	https://en.sungrowpower.com/security-notice-detail-2/5961	Trust: 1.6
url:	https://mqtt-pwn.readthedocs.io/en/latest/intro.html	Trust: 1.0

sources: CNVD: CNVD-2025-03257 // NVD: CVE-2024-50692

SOURCES

db:	CNVD	id:	CNVD-2025-03257
db:	NVD	id:	CVE-2024-50692

LAST UPDATE DATE

2025-02-23T23:06:29.817000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-03257	date:	2025-02-20T00:00:00
db:	NVD	id:	CVE-2024-50692	date:	2025-02-06T17:15:19.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-03257	date:	2025-02-21T00:00:00
db:	NVD	id:	CVE-2024-50692	date:	2025-01-24T23:15:08.893