CVE-2024-50692

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-798
View all →

Vulnerability Description

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.

Related Vulnerabilities

CVE-2024-57790

MEDIUM
CVSS:5.4(Medium)

IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate at...

CWE-7982024

CVE-2018-1650

MEDIUM
CVSS:5.5(Medium)

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.

CWE-7982018

CVE-2019-16150

MEDIUM
CVSS:5.5(Medium)

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local sto...

CWE-7982019

CVE-2019-5106

MEDIUM
CVSS:5.5(Medium)

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway ...

CWE-7982019

CVE-2020-11723

MEDIUM
CVSS:5.5(Medium)

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when perform...

CWE-7982020

CVE-2020-12376

MEDIUM
CVSS:5.5(Medium)

Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclos...

CWE-7982020