Primary

Context

Sungrow WiNet-S Heap-Based Buffer Overflow Vulnerability Allowing Denial-of-Service and Remote Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the Sungrow WiNet-SV200.001.00.P027 firmware and earlier versions. This vulnerability arises from inadequate bounds checking of the MQTT message content, which could be exploited to cause a buffer overflow. Such an overflow could lead to a denial-of-service condition or allow for remote code execution on the affected device.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to a denial-of-service condition and/or remote code execution on the affected device.

Remediation

Users are advised to upgrade to WiNet-SV200.001.00.P028 or higher. For assistance, contact your installer or log into the iSolarCloud for the available software update.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sungrow WiNet-S Heap-Based Buffer Overflow Vulnerability Allowing Denial-of-Service and Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating