Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory regarding critical vulnerabilities found in Sungrow’s iSolarCloud Android App and WiNet firmware, rated with a CVSS v4 base score of 9.5. These vulnerabilities expose significant risks that could allow attackers to access sensitive user data and potentially execute arbitrary code. Users are urged to update their apps and firmware to mitigate these risks.
Affected: Sungrow (iSolarCloud Android App and WiNet firmware)
Keypoints :
- Multiple vulnerabilities, including improper certificate validation and hard-coded credentials, pose critical security threats.
- CVE-2024-50691 allows for adversary-in-the-middle attacks due to the app ignoring certificate errors.
- Users should update their iSolarCloud Android App and WiNet firmware immediately; further vulnerabilities may allow remote code execution.