Vulnerability Details CVE-2024-50696
SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.6%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-50696
-
cpe:2.3:h:sungrowpower:winet-s:-
-
cpe:2.3:o:sungrowpower:winet-s_firmware:*