Primary

Context

Sungrow WiNet-S Buffer Overflow Vulnerability in MQTT Message Decryption Allowing Denial-of-Service and Remote Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the SunGrow WiNet-SV200.001.00.P027 firmware and earlier versions. The issue arises during the decryption of MQTT messages, where the code responsible for parsing certain TLV fields lacks adequate bounds checks. This vulnerability could be exploited to cause a denial-of-service condition or to execute arbitrary code remotely.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing a denial-of-service condition and/or allowing for remote code execution.

Remediation

Users are advised to upgrade to WiNet-SV200.001.00.P028 or higher.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sungrow WiNet-S Buffer Overflow Vulnerability in MQTT Message Decryption Allowing Denial-of-Service and Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating