Sungrow iSolarCloud Android App Missing SSL Certificate Validation Vulnerability
Vulnerability
A vulnerability exists in the Sungrow iSolarCloud Android app in versions through 2.1.6.20241104, where the app fails to properly validate SSL/TLS certificates. This allows Man-in-the-Middle (MitM) attacks, in which an attacker could impersonate the iSolarCloud server and intercept or modify communications between the app and the cloud service, potentially leading to unauthorized access or data manipulation.
Impact
Exploitation of this vulnerability could allow attackers to intercept, modify, or falsify data exchanged between the iSolarCloud app and its server, with potential for unauthorized access to user information or manipulation of data within the app.
Remediation
Users are advised to update the iSolarCloud Android app to the latest version, which is available now. As a temporary measure until the update is installed, avoid using the app on public or untrusted Wi-Fi networks.
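For developers auditing an Android client for the class of flaw described above, the following added example (not from the advisory or from Sungrow) scans Java source for code patterns that commonly disable certificate or hostname validation. The advisory does not say how the app skips validation, so the pattern list and both sample snippets are assumptions constructed for illustration.

```python
import re

# Heuristic patterns for Android/Java code that disables TLS validation.
# Assumption: the advisory does not name the app's actual flaw; these are
# common causes of missing certificate validation in Android apps.
PATTERNS = {
    "empty-checkServerTrusted": re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\{\s*\}"),
    "hostname-verifier-always-true": re.compile(
        r"boolean\s+verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}"),
    "allow-all-hostname-verifier": re.compile(
        r"ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier|NoopHostnameVerifier"),
    "webview-ssl-error-proceed": re.compile(
        r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\s*\(\s*\)"),
}

def strip_noise(src):
    """Blank out string literals and comments so they cannot hide or fake a match."""
    src = re.sub(r'"(?:\\.|[^"\\\n])*"', '""', src)   # string literals first
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)   # block comments
    return re.sub(r"//[^\n]*", " ", src)               # line comments

def scan(src):
    """Return the sorted names of the patterns found in one Java source string."""
    clean = strip_noise(src)
    return sorted(name for name, rx in PATTERNS.items() if rx.search(clean))

# Constructed sample: trust-all TrustManager plus a permissive HostnameVerifier.
WEAK = '''
class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException { /* accept anything */ }
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
}
HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify(String host, SSLSession s) { return true; }
};
'''

# Constructed sample: platform default validation, nothing overridden.
SAFE = '''
URL url = new URL("https://example.invalid/api"); // default trust store
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.connect();
'''

if __name__ == "__main__":
    for label, src in (("WEAK", WEAK), ("SAFE", SAFE)):
        print(label, scan(src) or "no findings")
```

A clean result from a heuristic scan like this is not proof of correct validation; confirm with a dynamic test on a device that does not trust the intercepting proxy's CA.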
