These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2024-50698 affects Sungrow iSolarCloud Android App and WiNet Firmware. CISA describes a heap-based buffer overflow in MQTT message content bounds checks that may allow an attacker to remotely execute arbitrary code. Sungrow reports fixed firmware is available and the iSolarCloud Android App has been repaired.
CVE-2024-50697 is a high-severity Sungrow issue disclosed by CISA on 2025-03-13. The advisory says MQTT message decryption code lacks sufficient bounds checks when parsing certain TLV fields, which may lead to a stack-based buffer overflow and potential remote code execution. Sungrow’s remediation guidance is to update WiNet firmware to WINET-SV200.001.00.P028 or higher and keep the iSolarCloud Android ap [truncated]
CVE-2024-50695 is a high-severity Sungrow vulnerability disclosed by CISA on 2025-03-13. The issue affects the iSolarCloud Android App and WiNet Firmware and is described as a potential stack-based buffer overflow caused by missing MQTT topic bounds checks while parsing MQTT messages. According to the advisory, exploitation could allow remote code execution. Sungrow states updated firmware is available an [truncated]
CVE-2024-50694 is a high-severity stack-based buffer overflow affecting Sungrow’s iSolarCloud Android App and WiNet Firmware. According to the published advisory, an MQTT timestamp is copied into a buffer without bounds checking, which could allow remote code execution. Sungrow’s remediation guidance says to update affected WiNet firmware to WINET-SV200.001.00.P028 or higher and ensure the iSolarCloud And [truncated]
CVE-2024-50693 is a high-severity Sungrow issue disclosed by CISA on 2025-03-13. The advisory says the Solar iCloud API contains multiple insecure direct object reference (IDOR) flaws in the userService API model, which could let an attacker access user data without authorization and potentially modify key identifying data values. The affected products listed in the advisory are Sungrow iSolarCloud Androi [truncated]
CVE-2024-50692 is a high-severity Sungrow issue in WiNet module firmware where hardcoded MQTT credentials could let an attacker impersonate a device-facing MQTT broker. CISA’s advisory also lists Sungrow iSolarCloud Android App <=2.1.6 and WiNet Firmware (all versions) as affected products, with vendor guidance to update WiNet firmware to WINET-SV200.001.00.P028 or higher and install the latest iSolarClou [truncated]
CVE-2024-50691 is a Sungrow iSolarCloud issue publicly disclosed by CISA on 2025-03-13. The advisory says the Android app explicitly ignores certificate errors, which can let an adversary-in-the-middle impersonate the iSolarCloud server and communicate with the app. CISA’s advisory also lists Sungrow WiNet Firmware as affected and recommends updating both the app and firmware.
CVE-2024-50690 is a Sungrow issue disclosed by CISA on 2025-03-13. The advisory says the WiNet WebUI contains a hard-coded password that can be used to decrypt all firmware updates, and notes the vulnerability can allow an attacker to gain unauthorized access to accounts. CISA lists Sungrow iSolarCloud Android App versions up to 2.1.6 and Sungrow WiNet Firmware versions all as affected, with vendor fixes available.
CISA’s 2025-03-13 advisory for CVE-2024-50689 describes multiple IDOR issues in Sungrow’s Solar iCloud API orgService model. The flaw may let an attacker access user data without authorization and potentially modify key identifying values. Affected products are the iSolarCloud Android App <=2.1.6 and WiNet Firmware (all versions), with Sungrow recommending a firmware update to WINET-SV200.001.00.P028 or l [truncated]
CISA’s 2025-03-13 advisory for CVE-2024-50688 says Sungrow’s iSolarCloud Android App (<= 2.1.6) and WiNet Firmware use hard-coded MQTT credentials when exchanging device telemetry. That creates a risk of unauthorized access to user accounts and sensitive information; the advisory also states an attacker may be able to execute arbitrary code. Sungrow’s stated remediation is to update WiNet firmware to WINE [truncated]
CVE-2024-50687 is a medium-severity Sungrow issue disclosed by CISA on 2025-03-13. The advisory says the Solar iCloud API contains multiple insecure direct object references (IDOR) in the devService API model, which could let an attacker access user data without authorization and potentially modify key identifying data values. The advisory covers Sungrow iSolarCloud Android App <=2.1.6 and Sungrow WiNet F [truncated]
CVE-2024-50686 is a Sungrow issue in the Solar iCloud API's commonService API model that CISA describes as multiple insecure direct object reference (IDOR) weaknesses. The advisory says the flaw may let an attacker gain unauthorized access to user data and potentially modify key identifying data values. CISA published the advisory on 2025-03-13 and lists affected Sungrow iSolarCloud Android App versions u [truncated]
CVE-2024-50685 covers an insecure direct object reference (IDOR) issue in Sungrow’s iSolarCloud API, specifically through the powerStationService model. According to CISA’s advisory published on 2025-03-13, the issue can allow unauthorized access to user data and may also permit modification of key identifying data values. The advisory lists Sungrow iSolarCloud Android App versions up to 2.1.6 and Sungrow [truncated]
CVE-2024-50684 is a medium-severity weakness in Sungrow’s iSolarCloud Android app and related WiNet firmware advisory. CISA states the Android app used an insecure AES key with insufficient entropy to encrypt client data, which could allow decryption of intercepted communications between the app and iSolarCloud. Sungrow’s remediation guidance says updated WiNet firmware is available and the iSolarCloud ap [truncated]