← Zuruck zu CVEs
CVE-2025-36752
CRITICAL9.8
Beschreibung
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/13/2025
Zuletzt geandert1/14/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
growatt:shine_lan-xgrowatt:shine_lan-x_firmware
Schwachen (CWE)
CWE-798
Referenzen
https://csirt.divd.nl/CVE-2025-36752/(csirt@divd.nl)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.