彙總 solaredge 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與緩衝區溢位 等問題,部分漏洞可能導致 應用程式崩潰,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-36746 | SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt. | [email protected] | 4.8 | 0.14% | 2025-12-12 | 2026-06-17 |
| CVE-2025-36745 | SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information. | [email protected] | 7.0 | 0.19% | 2025-12-12 | 2026-06-17 |
| CVE-2025-36744 | SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information. | [email protected] | 2.4 | 0.14% | 2025-12-12 | 2026-06-17 |
| CVE-2025-36743 | SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands. | [email protected] | 8.6 | 0.19% | 2025-12-12 | 2026-06-17 |
| CVE-2024-28756 | The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server. | [email protected] | 5.9 | 0.21% | 2024-03-21 | 2026-06-17 |