Insecure Encryption in SunGrow iSolarCloud Android App
CVE-2024-50684

6.5MEDIUM

Key Information:

Vendor: SunGrow
Status: iSolarCloud Android App
Vendor: CVE Published:; 26 February 2025

What is CVE-2024-50684?

The SunGrow iSolarCloud Android app prior to version 2.1.6.20241017 employs an insecure AES key for encrypting client data, compromising the integrity of transmitted information. This weakness allows potential attackers to intercept and decrypt communications between the mobile app and the backend service, posing a significant risk to user privacy and data security.

References

https://en.sungrowpower.com/security-notice-detail-2/6126

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Oct 28, 2024