Primary

Context

Sungrow WiNet-S Buffer Overflow Vulnerability in MQTT Message Parsing Allowing Denial-of-Service and Remote Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Sungrow WiNet-S version WINET-SV200.001.00.P027 and earlier. This vulnerability arises from inadequate bounds checking of MQTT topics, which can be exploited when the device processes MQTT messages. The flaw could lead to a denial-of-service condition or allow for remote code execution on the affected device.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged to execute arbitrary code remotely or create a denial-of-service condition on the device.

Remediation

Users are advised to upgrade to WiNet-S version WINET-SV200.001.00.P028 or higher.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sungrow WiNet-S Buffer Overflow Vulnerability in MQTT Message Parsing Allowing Denial-of-Service and Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating