Insecure Direct Object Reference Vulnerability in SunGrow iSolarCloud
CVE-2024-50689

9.1 CRITICAL

Key Information:

Vendor: SunGrow
CVE Published: 26 February 2025

What is CVE-2024-50689?

The SunGrow iSolarCloud platform is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability through its orgService API model. This flaw could allow unauthorized individuals to access restricted data, leading to potential data breaches and the compromise of sensitive information. It is critical for users to apply the necessary updates and remediate their systems before the scheduled patch on October 31, 2024, to mitigate these risks effectively.

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
