PT-2025-8748 · Sungrow · Sungrow Winet-S

Published

2025-02-26

Updated

2025-03-08

CVE-2024-50696

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions SunGrow WiNet-S versions V200.001.00.P025 and earlier

Description The issue is related to missing integrity checks for firmware upgrades. By sending a specific MQTT message, it is possible to update an inverter or a WiNet connectivity dongle with a bogus firmware file located on an attacker-controlled server.

Recommendations For SunGrow WiNet-S versions V200.001.00.P025 and earlier, consider implementing integrity checks for firmware upgrades to prevent the installation of bogus firmware files. As a temporary workaround, restrict access to the firmware update mechanism until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-494

Related Identifiers

CVE-2024-50696

Affected Products

Sungrow Winet-S

PT-2025-8748 · Sungrow · Sungrow Winet-S

CVE-2024-50696

Weakness Enumeration

Related Identifiers

Affected Products

References · 5