Multiple vulnerabilities in Sungrow WiNet Firmware
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2024-50692 CVE-2024-50698 CVE-2024-50695 CVE-2024-50697 CVE-2024-50694 CVE-2024-50690 |
| CWE-ID | CWE-798 CWE-122 CWE-121 CWE-259 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
WiNet Firmware Hardware solutions / Firmware |
| Vendor | Sungrow |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Use of hard-coded credentials
EUVDB-ID: #VU105735
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-50692
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded MQTT credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWiNet Firmware: 200.001.00.P027
CPE2.3- cpe:2.3:h:sungrow:winet_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:sungrow:winet_firmware:200.001.00.P027:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-12
https://en.sungrowpower.com/security-notice-detail-2/6136
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU105740
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-50698
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWiNet Firmware: 200.001.00.P027
CPE2.3- cpe:2.3:h:sungrow:winet_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:sungrow:winet_firmware:200.001.00.P027:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-12
https://en.sungrowpower.com/security-notice-detail-2/6134
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU105739
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-50695
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing MQTT messages. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWiNet Firmware: 200.001.00.P027
CPE2.3- cpe:2.3:h:sungrow:winet_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:sungrow:winet_firmware:200.001.00.P027:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-12
https://en.sungrowpower.com/security-notice-detail-2/6130
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stack-based buffer overflow
EUVDB-ID: #VU105738
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-50697
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when decrypting MQTT messages. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWiNet Firmware: 200.001.00.P027
CPE2.3- cpe:2.3:h:sungrow:winet_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:sungrow:winet_firmware:200.001.00.P027:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-12
https://en.sungrowpower.com/security-notice-detail-2/6132
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stack-based buffer overflow
EUVDB-ID: #VU105737
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-50694
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when copying the time stamp read from an MQTT message. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWiNet Firmware: 200.001.00.P027
CPE2.3- cpe:2.3:h:sungrow:winet_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:sungrow:winet_firmware:200.001.00.P027:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-12
https://en.sungrowpower.com/security-notice-detail-2/6128
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use of Hard-coded Password
EUVDB-ID: #VU105736
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-50690
CWE-ID:
CWE-259 - Use of Hard-coded Password
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use a hard-coded password. A remote attacker can gain unauthorized access to accounts.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWiNet Firmware: 200.001.00.P027
CPE2.3- cpe:2.3:h:sungrow:winet_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:sungrow:winet_firmware:200.001.00.P027:*:*:*:*:*:*:*
https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-12
https://en.sungrowpower.com/security-notice-detail-2/6138
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
