CVE-2024-50697

Name of the Vulnerable Software and Affected Versions SunGrow WiNet-SV200 versions 0.001.00.P027 and earlier

Description The issue arises when decrypting MQTT messages, specifically due to insufficient bounds checks in the code that parses certain TLV fields. This may lead to a stack-based buffer overflow.

Recommendations For SunGrow WiNet-SV200 versions 0.001.00.P027 and earlier, consider disabling the decryption of MQTT messages until a patch is available. Restrict access to the TLV field parsing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.