CVE-2024-50684

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-330
View all →

Vulnerability Description

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud.

Related Vulnerabilities

CVE-2017-17910

MEDIUM
CVSS:6.5(Medium)

On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur trans...

CWE-3302017

CVE-2018-1279

MEDIUM
CVSS:6.5(Medium)

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain informat...

CWE-3302018

CVE-2018-18425

MEDIUM
CVSS:6.5(Medium)

The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply...

CWE-3302018

CVE-2018-19983

MEDIUM
CVSS:6.5(Medium)

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the at...

CWE-3302018

CVE-2019-6821

MEDIUM
CVSS:6.5(Medium)

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, an...

CWE-3302019

CVE-2019-9102

MEDIUM
CVSS:6.5(Medium)

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of g...

CWE-3302019