PT-2025-8746 · Sungrow · Sungrow Isolarcloud Android App

Published

2025-02-26

Updated

2025-03-18

CVE-2024-50691

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions SunGrow iSolarCloud Android app versions V2.1.6.20241104 and prior

Description The issue concerns a Missing SSL Certificate Validation in the app, which explicitly ignores certificate errors, making it vulnerable to Man-in-the-Middle (MiTM) attacks. This allows attackers to impersonate the iSolarCloud server and communicate with the Android app.

Recommendations For SunGrow iSolarCloud Android app versions V2.1.6.20241104 and prior, update to a version that properly validates SSL certificates to prevent MiTM attacks.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2024-50691

Affected Products

Sungrow Isolarcloud Android App

PT-2025-8746 · Sungrow · Sungrow Isolarcloud Android App

CVE-2024-50691

Weakness Enumeration

Related Identifiers

Affected Products

References · 16