Sungrow iSolarCloud Android App: WiNet Firmware Update

1. EXECUTIVE SUMMARY

  • CVSS v4 9.5
  • ATTENTION: Exploitable remotely
  • Vendor: Sungrow
  • Equipment: iSolarCloud Android App, WiNet Firmware
  • Vulnerabilities: Improper Certificate Validation, Use of a Broken or Risky Cryptographic Algorithm, Authorization Bypass Through User-Controlled Key, Use of Hard-Coded Credentials, Stack-Based Buffer Overflow, Heap-Based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could result in attackers being able to access and modify sensitive information. The implications of these vulnerabilities extend beyond individual user accounts, potentially affecting the integrity and availability of critical infrastructure systems, particularly in the energy sector where Sungrow operates.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Sungrow software products are affected:

  • iSolarCloud Android App: Version 2.1.6 and prior
  • WiNet Firmware: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295

The Android app for iSolarCloud explicitly ignores certificate errors, making it vulnerable to adversary-in-the-middle attacks. This vulnerability allows an attacker to impersonate the iSolarCloud server and communicate with the Android app, potentially leading to unauthorized access to user data.

CVE-2024-50691 has been assigned to this vulnerability, with a CVSS v3.1 base score of 6.5 and a CVSS v4 score of 8.3.
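
The following is an added example, not code from the advisory or from Sungrow: a small source-review check that flags the usual ways an Android app ends up ignoring certificate errors. The advisory does not say which mechanism the app used, so the three patterns and both sample inputs are assumptions constructed for illustration.

```python
import re

# Heuristic patterns for Java source (for example decompiler output) that switch
# off TLS certificate validation. Assumption: the advisory names no mechanism.
PATTERNS = {
    "X509TrustManager.checkServerTrusted has an empty body": re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\s*\{\s*\}"),
    "HostnameVerifier.verify always returns true": re.compile(
        r"boolean\s+verify\s*\(\s*String\s+\w+\s*,\s*SSLSession\s+\w+\s*\)"
        r"\s*\{\s*return\s+true\s*;\s*\}"),
    "WebViewClient.onReceivedSslError calls proceed()": re.compile(
        r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\s*\(\s*\)"),
}
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def find_cert_bypasses(source):
    """Return sorted (line_number, finding) pairs for one Java source string."""
    # Blank out comments but keep their newlines so line numbers stay correct.
    code = COMMENT.sub(lambda m: "\n" * m.group().count("\n"), source)
    return sorted(
        (code.count("\n", 0, m.start()) + 1, finding)
        for finding, pattern in PATTERNS.items()
        for m in pattern.finditer(code))

# Constructed sample input (not taken from the iSolarCloud app).
VULNERABLE = """\
class TrustAll implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a) {
        // accept everything
    }
}
class AnyHost implements HostnameVerifier {
    public boolean verify(String host, SSLSession s) { return true; }
}
class Client extends WebViewClient {
    public void onReceivedSslError(WebView v, SslErrorHandler h, SslError e) { h.proceed(); }
}
"""
HARDENED = """\
public void onReceivedSslError(WebView v, SslErrorHandler h, SslError e) {
    h.cancel(); // h.proceed() would accept a forged certificate
}
"""

if __name__ == "__main__":
    for line, finding in find_cert_bypasses(VULNERABLE):
        print(f"line {line}: {finding}")
```

The check is a regex heuristic for code review or CI triage; a clean result does not prove that validation is intact, since obfuscated or indirect bypasses will not match.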

3.2.2 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327

The iSolarCloud Android application uses an insecure AES key for encrypting client data, which may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud. This vulnerability is assigned CVE-2024-50684, with a CVSS v3.1 base score of 6.5 and a CVSS v4 score of 8.3.

3.2.3 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639

The iSolarCloud API is vulnerable to multiple insecure direct object references (IDOR) via the powerStationService API model, allowing unauthorized access to user data. This vulnerability is documented as CVE-2024-50685, with a CVSS v3.1 base score of 6.5 and a CVSS v4 score of 6.9.

3.2.4 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639

Similar to the previous vulnerability, the iSolarCloud API is also vulnerable to IDOR via the userService API model, which may allow unauthorized access to user data. This vulnerability is assigned CVE-2024-50693, with a CVSS v3.1 base score of 8.2 and a CVSS v4 score of 9.2.

3.2.5 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639

The iSolarCloud API is also vulnerable to IDOR via the orgService API model, allowing unauthorized access to user data. This vulnerability is documented as CVE-2024-50689, with a CVSS v3.1 base score of 8.2 and a CVSS v4 score of 9.2.

3.2.6 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639

The iSolarCloud API is vulnerable to IDOR via the commonService API model, which may allow unauthorized access to user data. This vulnerability is assigned CVE-2024-50686, with a CVSS v3.1 base score of 5.3 and a CVSS v4 score of 6.9.

3.2.7 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639

The iSolarCloud API is vulnerable to IDOR via the devService API model, allowing unauthorized access to user data. This vulnerability is documented as CVE-2024-50687, with a CVSS v3.1 base score of 5.3 and a CVSS v4 score of 6.9.

3.2.8 USE OF HARD-CODED CREDENTIALS CWE-798