Sungrow iSolarCloud Insecure Direct Object Reference Vulnerability in orgService API
Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the Sungrow iSolarCloud orgService API as it existed prior to the October 31, 2024 remediation. This vulnerability allows attackers to access and modify organizational data without proper authentication, potentially leading to unauthorized changes in organization-wide settings, exposure of sensitive business information, and disruption of services.
Impact
Exploitation of this vulnerability could result in unauthorized access to and modification of organizational data, allowing for unauthorized changes to organization-wide settings, exposure of sensitive business data, and disruption of services.
Remediation
Sungrow iSolarCloud was upgraded and repaired on October 31, 2024, without requiring customer action.
