Buffer Overflow in SunGrow WiNet-SV200 MQTT Message Decryption
CVE-2024-50697

8.1HIGH

Key Information:

Vendor: SunGrow
Status: WiNet-SV200
Vendor: CVE Published:; 24 January 2025

What is CVE-2024-50697?

The WiNet-SV200 product line from SunGrow is susceptible to a buffer overflow vulnerability during the decryption of MQTT messages. Specifically, the parsing of certain TLV fields lacks adequate bounds checks, which may lead to stack-based buffer overflow conditions. This flaw poses a significant risk to the system's integrity and could potentially allow malicious code execution, elevating the need for immediate patches and updates to mitigate potential exploitation.

References

https://en.sungrowpower.com/security-notice-detail-2/5961

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Oct 28, 2024