Sungrow iSolarCloud Insecure Direct Object Reference Vulnerability in devService API
Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the Sungrow iSolarCloud devService API as it existed prior to the October 31, 2024 remediation. The vulnerability enables unauthorized access to device-related data, potentially exposing sensitive information about Sungrow devices and their operational parameters.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive device-related data, including operational parameters of Sungrow devices.
Remediation
Sungrow iSolarCloud was upgraded and repaired on October 31, 2024. No customer action is required.
