Vulnerability Details CVE-2024-50691
SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.1%
CVSS Severity
CVSS v3 Score 7.4
Products affected by CVE-2024-50691
-
cpe:2.3:a:sungrowpower:isolarcloud:2.1.6.20241017
-
cpe:2.3:a:sungrowpower:isolarcloud:2.1.6.20241104