Growatt Shine Lan-x Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Growatt Shine Lan-x Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-36747 — CVSS 9.8 (critical): ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP…
CVE-2025-36752 — CVSS 9.8 (critical): Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level…
CVE-2025-36753 — CVSS 9.8 (critical): The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access…
CVE-2025-36748 — CVSS 5.4 (medium): ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet…
CVE-2025-36750 — CVSS 5.4 (medium): ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the…