41 matches found
Growatt Cloud Applications Security Bypass Vulnerability (CNVD-2025-14962)
Growatt Cloud Applications is a monitoring platform from Growatt in China. A security bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to add another user's device to a scenario...
Growatt Cloud Applications Authorization Bypass Vulnerability (CNVD-2025-14960)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An authorization bypass vulnerability exists in Growatt Cloud Applications 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a user's email by knowing the username, resulting in a...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14959)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a user's plant list by username...
Growatt Cloud Applications Authorization Bypass Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. An authorization bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain restricted information about a user's smart devic...
Growatt Cloud Applications Security Bypass Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. A security bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by unauthenticated attackers to send configuration settings and potentially perform physical...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14965)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain information about another user's electric vehic...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14964)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a list of smart devices via a valid username...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14963)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query the total energy consumption information of any...
Growatt Cloud Applications Information Disclosure Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query API endpoints and obtain device details...
CVE-2025-31933 Growatt Cloud Applications Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can check the existence of usernames in the system by querying an API...
CVE-2025-31933
CVE-2025-31933 affects Growatt Cloud Applications. An unauthenticated attacker can enumerate usernames by querying an API; CNNVD cites affected versions 3.6.0 and earlier. The issue originates from unauthenticated access to a username list via the API. Red Hat and NVD entries corroborate the basi...
CVE-2025-30511 Growatt Cloud Applications Cross-site Scripting
An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...
CVE-2025-30511 Growatt Cloud Applications Cross-site Scripting
An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant...
CVE-2025-30511
Growatt Cloud Applications (monitors) is affected by CVE-2025-30511. An authenticated attacker can trigger a stored XSS by exploiting improper sanitization of the plant name value when adding or editing a plant. Documented impact is stored XSS in user spaces; no exploit details are provided beyon...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from China-based Growatt. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain the serial number of a smart meter associated with a specif...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which stems from a verified attacker being able to obtain arbitrary plant names via plant IDs...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a user's plant list by username...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which originates from an unauthenticated attacker being able to infer the presence of a username on the system...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt in China. An authorization bypass vulnerability exists in Growatt Cloud Applications 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a user's email by knowing the username, resulting in a...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications 3.6.0 and prior versions, which originates from an unauthenticated attacker who can rename the rooms of any user...