CVE-2024-50688
First published: Wed Feb 26 2025(Updated: )
SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQTT credentials for exchanging the device telemetry.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sungrow iSolarCloud | <2.1.6.20241104 | |
| iSolarCloud | <2.1.6.20241017 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-50688?
CVE-2024-50688 is considered a critical vulnerability due to the presence of hardcoded credentials in the SunGrow iSolarCloud application.
How do I fix CVE-2024-50688?
To fix CVE-2024-50688, update the SunGrow iSolarCloud application to version 2.1.6.20241018 or later where the hardcoded credentials issue is resolved.
What are the risks associated with CVE-2024-50688?
The risks include unauthorized access to device telemetry and control due to the shared hardcoded MQTT credentials.
Which versions of the SunGrow iSolarCloud app are affected by CVE-2024-50688?
Versions of the SunGrow iSolarCloud app prior to 2.1.6.20241018 are affected by CVE-2024-50688.
Can CVE-2024-50688 be exploited remotely?
Yes, CVE-2024-50688 can be exploited remotely, allowing attackers to gain unauthorized access to the device telemetry.
- agent/first-publish-date
- agent/type
- agent/references
- agent/author
- agent/source
- agent/description
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- vendor/sungrowpower
- canonical/sungrow isolarcloud
- vendor/sungrow
- canonical/isolarcloud