
In a recent security advisory, the Cybersecurity and Infrastructure Security Agency (CISA) revealed multiple critical vulnerabilities impacting Sungrow’s iSolarCloud Android App and WiNet firmware, highlighting serious risks to device security and user data integrity.
According to the advisory, these vulnerabilities carry a CVSS v4 base score of 9.5 and are remotely exploitable. CISA warns that exploitation could enable attackers to access and modify sensitive information, potentially leading to significant security breaches.
The advisory specifically identified vulnerabilities including “Improper Certificate Validation,” “Use of a Broken or Risky Cryptographic Algorithm,” “Authorization Bypass Through User-Controlled Key,” “Use of Hard-Coded Credentials,” and various types of buffer overflows. Each of these presents distinct risks, including unauthorized data access, data modification, and potential remote code execution.
One major vulnerability, CVE-2024-50691 (CVSSv4 8.3), involves improper certificate validation, where “the Android app for iSolarCloud explicitly ignores certificate errors and is vulnerable to adversary-in-the-middle attacks.” Such flaws make it possible for attackers to impersonate the iSolarCloud server.
Additionally, the advisory highlights the use of weak cryptography. “The iSolarCloud Android mobile application uses an insecure AES key to encrypt client data (insufficient entropy),” the advisory says of CVE-2024-50684 (CVSSv4 8.3). This vulnerability can allow attackers to decrypt intercepted communications, severely compromising data privacy.
Hard-coded credentials within both the iSolarCloud app and WiNet firmware pose another significant risk. The WiNet module firmware contains hard-coded MQTT credentials, tracked as CVE-2024-50692 (CVSSv4 9.5), that could allow attackers “to impersonate a device-facing MQTT broker” and “execute arbitrary code.”
Several stack-based and heap-based buffer overflows (CVE-2024-50694, CVE-2024-50695, CVE-2024-50697, CVE-2024-50698) were also reported, with CISA emphasizing the high potential for remote code execution due to insufficient input validation.
Sungrow has released updated firmware (WINET-SV200.001.00.P028 or higher) and advises all users to update the iSolarCloud Android App to the latest version immediately via their device’s app store. “The iSolarCloud has been repaired and requires no further user action,” according to the advisory.
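For operators with more than a handful of WiNet modules, the firmware floor above can be checked against an exported inventory. The following is an added example, not code from Sungrow or CISA: the device names are constructed, and it assumes that version strings follow the layout of the one quoted above and order numerically field by field.

```python
import re

# Minimum fixed WiNet firmware named in the advisory text above.
FIXED = "WINET-SV200.001.00.P028"

# Assumption: versions follow the layout of the string above and order
# numerically field by field (SV number, two middle fields, P level).
_PATTERN = re.compile(r"^WINET-SV(\d+)\.(\d+)\.(\d+)\.P(\d+)$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it does not match."""
    m = _PATTERN.match(text.strip().upper())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(inventory):
    """Map each device name to 'patched', 'vulnerable' or 'review'."""
    fixed = parse_version(FIXED)
    result = {}
    for device, version in inventory.items():
        parsed = parse_version(version or "")
        if parsed is None:
            result[device] = "review"  # missing or unknown format: check by hand
        elif parsed >= fixed:
            result[device] = "patched"
        else:
            result[device] = "vulnerable"
    return result


# Constructed sample inventory (device names and versions are made up).
SAMPLE = {
    "inverter-roof-01": "WINET-SV200.001.00.P027",
    "inverter-roof-02": "WINET-SV200.001.00.P028",
    "inverter-barn-01": "winet-sv200.001.00.p031",
    "inverter-barn-02": "unknown",
    "inverter-shed-01": None,
}

if __name__ == "__main__":
    for name, status in sorted(triage(SAMPLE).items()):
        print(f"{name}: {status}")
```

Devices reported as "review" have a missing or unrecognized version string and should be checked manually rather than assumed patched.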
CISA further recommends preventive measures such as minimizing network exposure for control system devices, isolating systems behind firewalls, and using secure VPNs for remote access.
At this time, there is “no known public exploitation specifically targeting these vulnerabilities,” but the severity demands prompt action from affected users to mitigate risks.
For more information, users should refer to Sungrow’s official security notice and the full CISA advisory details.