CVE-2024-50692 – SunGrow WiNet-SV200 MQTT Broker Information Disclosure and Authentication Bypass Vulnerability

January 25, 2025
12:18 am

CVE ID : CVE-2024-50692

Published : Jan. 24, 2025, 11:15 p.m. | 1 hour, 3 minutes ago

Description : SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-50692 – SunGrow WiNet-SV200 MQTT Broker Information Disclosure and Authentication Bypass Vulnerability

Elvescore.io

Recent Posts

CVE-2022-49043 – Libxml2 XML XInclude Use-After-Free Vulnerability

CVE-2024-10574 – “Quiz Maker Business, Developer, and Agency WordPress Unauthorized Modification and Cross-Site Scripting Vulnerability”

CVE-2024-10628 – Woocommerce Quiz Maker SQL Injection Vulnerability

CVE-2024-10633 – Quiz Maker Business, Developer, and Agency WordPress Plugin Shortcode Injection Vulnerability

CVE-2024-10636 – Quiz Maker Business/Developer/Agency WordPress Reflected Cross-Site Scripting

CVE-2025-24858 – Develocity Gradle Enterprise Password Hash Exposure

CVE-2024-50692 – SunGrow WiNet-SV200 MQTT Broker Information Disclosure and Authentication Bypass Vulnerability

CVE-2024-50692 – SunGrow WiNet-SV200 MQTT Broker Information Disclosure and Authentication Bypass Vulnerability