CVE-2024-50695

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*

History

29 May 2025, 16:02

Type Values Removed Values Added
First Time Sungrowpower winet-s
Sungrowpower winet-s Firmware
Sungrowpower
References () https://en.sungrowpower.com/security-notice-detail-2/5961 - () https://en.sungrowpower.com/security-notice-detail-2/5961 - Vendor Advisory
CPE cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*
cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*

05 Feb 2025, 15:15

Type Values Removed Values Added
CWE CWE-121
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
Summary
  • (es) SunGrow WiNet-SV200.001.00.P027 y versiones anteriores son vulnerables al desbordamiento de búfer basado en pila al analizar mensajes MQTT, debido a la falta de comprobaciones de los límites de temas MQTT.

24 Jan 2025, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-24 23:15

Updated : 2025-05-29 16:02


NVD link : CVE-2024-50695

Mitre link : CVE-2024-50695

CVE.ORG link : CVE-2024-50695


JSON object : View

Products Affected

sungrowpower

  • winet-s
  • winet-s_firmware
CWE
CWE-121

Stack-based Buffer Overflow