PT-2025-6771 · Goodwe Technologies Co. · Gw1500‑Xs
Published
2025-02-14
·
Updated
2025-02-15
·
CVE-2024-8893
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
GoodWe Technologies Co., Ltd. GW1500‑XS version 1.1.2.1
Description
The issue affects GoodWe Technologies Co., Ltd. GW1500‑XS, allowing anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi due to the use of hard-coded credentials.
Recommendations
For version 1.1.2.1, consider changing the default credentials to custom, secure ones as soon as possible to prevent unauthorized access. As a temporary workaround, restrict physical access to the device and its Wi‑Fi network to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gw1500‑Xs