← Retour aux CVEs
CVE-2025-36752
CRITICAL9.8
Description
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/13/2025
Derniere modification1/14/2026
Sourcenvd
Observations honeypot0
Produits affectes
growatt:shine_lan-xgrowatt:shine_lan-x_firmware
Faiblesses (CWE)
CWE-798
References
https://csirt.divd.nl/CVE-2025-36752/(csirt@divd.nl)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.