Sungrowpower Winet-s Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sungrowpower Winet-s Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-50695 — CVSS 9.8 (critical): SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to…
CVE-2024-50694 — CVSS 9.8 (critical): In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not…
CVE-2024-50698 — CVSS 9.8 (critical): SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message…
CVE-2024-50697 — CVSS 8.1 (high): In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not…
CVE-2024-50696 — CVSS 7.5 (high): SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message…
CVE-2024-50690 — CVSS 6.5 (medium): SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates.
CVE-2024-50692 — CVSS 5.4 (medium): SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands…