CVE-2024-50694

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://en.sungrowpower.com/security-notice-detail-2/5961	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*

History

29 May 2025, 16:02

Type	Values Removed	Values Added
References	~~() https://en.sungrowpower.com/security-notice-detail-2/5961 -~~	() https://en.sungrowpower.com/security-notice-detail-2/5961 - Vendor Advisory
CPE		cpe:2.3:o:sungrowpower:winet-s_firmware:::::::: cpe:2.3:h:sungrowpower:winet-s:-:::::::*
First Time		Sungrowpower Sungrowpower winet-s Sungrowpower winet-s Firmware

05 Feb 2025, 15:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
Summary		(es) En SunGrow WiNet-SV200.001.00.P027 y versiones anteriores, al copiar la lectura timestamp de un mensaje MQTT, el código subyacente no comprueba los límites del búfer que se utiliza para almacenar el mensaje. Esto puede provocar un desbordamiento del búfer basado en la pila.
CWE		CWE-121

24 Jan 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-24 23:15

Updated : 2025-05-29 16:02

NVD link : CVE-2024-50694

Mitre link : CVE-2024-50694

CVE.ORG link : CVE-2024-50694

JSON object : View

Products Affected

sungrowpower

winet-s
winet-s_firmware

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2024-50694", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-01-24T23:15:09.000", "references": [{"url": "https://en.sungrowpower.com/security-notice-detail-2/5961", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow."}, {"lang": "es", "value": "En SunGrow WiNet-SV200.001.00.P027 y versiones anteriores, al copiar la lectura timestamp de un mensaje MQTT, el c\u00f3digo subyacente no comprueba los l\u00edmites del b\u00fafer que se utiliza para almacenar el mensaje. Esto puede provocar un desbordamiento del b\u00fafer basado en la pila."}], "lastModified": "2025-05-29T16:02:20.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EC5C36C-0726-4C02-9C89-FC97EB06D144", "versionEndExcluding": "200.001.00.p027"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30D17448-43BC-46D6-87E8-B67F5FBBDFB5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

9.8 /10