Sungrow iSolarCloud Android App Weak Encryption Vulnerability Allowing Decryption of Intercepted Communications

Vulnerability

A vulnerability exists in the Sungrow iSolarCloud Android app, in versions through 2.1.6.20241017: the app uses an insecure AES encryption key with insufficient entropy. This weakness may enable attackers to decrypt intercepted communications between the mobile app and the iSolarCloud service, potentially exposing sensitive user information.
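The advisory does not say how the app's key is formed, so the following added example (not code from Sungrow or from this advisory) illustrates the weakness class in general: a review-time check that compares an AES key's nominal size with the best-case entropy its byte alphabet allows. The alphabet list, function names and sample keys are assumptions constructed for illustration.

```python
import math
import secrets

AES_KEY_BITS = {16: 128, 24: 192, 32: 256}  # key length in bytes -> nominal strength

# Alphabets often seen in hardcoded or string-derived keys (constructed list,
# ordered smallest first; not taken from the advisory).
ALPHABETS = [
    ("decimal digits", set(b"0123456789")),
    ("lowercase hex", set(b"0123456789abcdef")),
    ("alphanumeric", set(b"0123456789abcdefghijklmnopqrstuvwxyz"
                         b"ABCDEFGHIJKLMNOPQRSTUVWXYZ")),
    ("printable ASCII", set(range(0x20, 0x7F))),
]

def entropy_upper_bound(key: bytes) -> tuple[float, str]:
    """Best-case entropy if each byte were uniform over the smallest
    alphabet that contains every byte of the key."""
    observed = set(key)
    for label, alphabet in ALPHABETS:
        if observed <= alphabet:
            return len(key) * math.log2(len(alphabet)), label
    return len(key) * 8.0, "arbitrary bytes"

def audit_key(key: bytes) -> dict:
    """Flag AES key material whose best-case entropy is below its nominal size.
    Passing is necessary, not sufficient: a hardcoded random key still passes."""
    if len(key) not in AES_KEY_BITS:
        raise ValueError(f"{len(key)} bytes is not an AES key length")
    bound, label = entropy_upper_bound(key)
    nominal = AES_KEY_BITS[len(key)]
    return {"nominal_bits": nominal, "max_entropy_bits": round(bound, 1),
            "alphabet": label, "weak": bound < nominal}

if __name__ == "__main__":
    samples = {  # constructed sample keys, not values from the app
        "digits only": b"1234567890123456",
        "hex string used as raw key": b"0123456789abcdef",
        "CSPRNG output": secrets.token_bytes(16),
    }
    for name, key in samples.items():
        print(f"{name:28} {audit_key(key)}")
```

A 16-byte key made of text characters is still accepted by AES-128, which is why this kind of weakness survives functional testing; keys should come from a CSPRNG or a platform keystore rather than from strings.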

Impact

Exploitation of this vulnerability could lead to the decryption of intercepted communications, allowing attackers to access sensitive client data.

Remediation

A patch has been released. Users are advised to update the iSolarCloud Android app to the latest version available in the official app store. As a temporary fix, users should avoid connecting to untrusted networks and enable VPN encryption when using the app.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.