Sungrowpower Isolarcloud — known CVE vulnerabilities
Every CVE whose affected-product data names Sungrowpower Isolarcloud, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-50688 — CVSS 9.8 (critical): SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user…
CVE-2024-50685 — CVSS 9.1 (critical): SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the…
CVE-2024-50686 — CVSS 9.1 (critical): SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService…
CVE-2024-50687 — CVSS 9.1 (critical): SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService…
CVE-2024-50689 — CVSS 9.1 (critical): SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService…
CVE-2024-50693 — CVSS 9.1 (critical): SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService…
CVE-2024-50691 — CVSS 7.4 (high): SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores…
CVE-2024-50684 — CVSS 6.5 (medium): SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may…