sungrowpower isolarcloud の CVE(8 件)

CVE 件数: 8 CPE versions: View versions table

概要

本ページは sungrowpower isolarcloud に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 18 / 8 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-50693 SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model. [email protected] 9.1 0.47% 2025-02-26 2026-06-17
CVE-2024-50691 SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app. [email protected] 7.4 0.22% 2025-02-26 2026-06-17
CVE-2024-50689 SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model. [email protected] 9.1 0.45% 2025-02-26 2026-06-17
CVE-2024-50688 SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry. [email protected] 9.8 0.47% 2025-02-26 2026-06-17
CVE-2024-50687 SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model. [email protected] 9.1 0.41% 2025-02-26 2026-06-17
CVE-2024-50686 SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model. [email protected] 9.1 0.45% 2025-02-26 2026-06-17
CVE-2024-50685 SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationService API model. [email protected] 9.1 0.45% 2025-02-26 2026-06-17
CVE-2024-50684 SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud. [email protected] 6.5 0.33% 2025-02-26 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence