30 matches found
CVE-2025-24487
CVE-2025-24487 concerns Growatt Cloud Applications (Cloud portal). Multiple connected sources indicate an unauthenticated attacker can infer the existence of usernames by querying an API, implying an exposed endpoint that reveals user existence without requiring authentication. Publicly cited ref...
CVE-2025-31933
CVE-2025-31933 affects Growatt Cloud Applications. An unauthenticated attacker can enumerate usernames by querying an API; CNNVD cites affected versions 3.6.0 and earlier. The issue originates from unauthenticated access to a username list via the API. Red Hat and NVD entries corroborate the basi...
CVE-2025-27575
Consolidated details from connected sources show a vulnerability affecting Growatt Cloud Applications (EV charger management) that allows an unauthenticated attacker to learn the EV charger version and firmware upgrading history by knowing the charger ID. Root cause appears to be information disc...
CVE-2025-31357
CVE-2025-31357 affects Growatt Cloud Applications (cloud portal). The connected documents describe an information-disclosure vulnerability where an unauthenticated attacker can obtain a user’s plant list by knowing the username. Evidence of the issue appears across multiple sources (CVE lists, CN...
CVE-2025-31945
CVE-2025-31945 affects Growatt Cloud Applications (Growatt Cloud Portal). Multiple connected sources confirm an unauthenticated attacker can obtain other users’ charger information, exposing sensitive user data. Public details indicate vulnerable component exposure and lack of server-side input v...
CVE-2025-31950
Growatt Cloud Applications (affected: version 3.6.0 and earlier) exposes an information-disclosure vulnerability allowing an unauthenticated attacker to obtain other users’ EV charger energy consumption data. Root cause: improper access control enabling retrieval of sensitive energy data. Impact ...
CVE-2025-31654
CVE-2025-31654 concerns Growatt Cloud Applications where an attacker can obtain information about the groups of smart home devices for arbitrary users (i.e., the users’ “rooms”). The CVE appears across multiple sources (NVD, Red Hat, CVE List, CVSS metrics) and is associated with the Growatt clou...
CVE-2025-27568
Growatt Cloud Portal (Growatt Cloud Applications) is affected by CVE-2025-27568, where an unauthenticated attacker can determine a user’s email by knowing the username, causing a password-reset email to be sent. Public documents reference the authorization bypass exposure without detailing a fixe...
CVE-2025-30514
CVE-2025-30514 affects Growatt Cloud Applications (portal). Multiple connected sources indicate unauthenticated attackers can obtain restricted information about a user’s smart device collections (including “scenes” and possibly “rooms”) via unauthenticated API access, exposure of usernames/email...
CVE-2025-31360
CVE-2025-31360 affects Growatt Cloud Applications (Growatt Cloud Portal). Multiple connected sources confirm an unauthenticated attacker can trigger device actions associated with specific “scenes” of arbitrary users, implying remote control of devices without user interaction. The vulnerability ...
CVE-2025-30510
Growatt Cloud Applications (version 3.6.0 and earlier) is affected by a vulnerability where an attacker can upload an arbitrary file in place of a plant image. Public sources note this in multiple records (CNNVD, RH/Red Hat CVE, NVD). Some documents also describe related issues involving improper...
CVE-2025-25276
CVE-2025-25276 relates to Growatt Cloud Applications (Growatt Cloud portal). Connected documents confirm an unauthenticated attacker can hijack other users’ devices and potentially take control, via vulnerabilities including an authorization bypass through a user-controlled key and improper input...
CVE-2025-27719
CVE-2025-27719 affects Growatt Cloud Applications (Growatt Cloud portal). An unauthenticated user can query an API endpoint and obtain device details, indicating an information-disclosure risk. Connected sources indicate this vulnerability exists in Growatt Cloud Applications version 3.6.0 and ea...
CVE-2025-31147
The CVE-2025-31147 entry corresponds to an information-disclosure vulnerability in Growatt Cloud Applications (China), affecting versions up to 3.6.0 and earlier. An unauthenticated attacker can query the total energy consumption information of arbitrary users’ EV chargers, exposing sensitive usa...
CVE-2025-27565
CVE-2025-27565 affects the Growatt Cloud Applications/Cloud portal. Multiple connected sources confirm an unauthenticated attacker can delete any user’s legitimate data by knowing the user ID and the target room ID, implying an authorization failure in manipulating user-controlled room resources....
CVE-2025-27927
CVE-2025-27927 concerns Growatt Cloud Applications (Growatt Cloud portal). Connected sources describe a vulnerability where an unauthenticated attacker can determine a list of smart devices by querying an unprotected API using a valid username, indicating weak access control on user-oriented API ...
CVE-2025-30257
CVE-2025-30257 relates to Growatt Cloud portal authorization bypass through a user-controlled key. The included connected records confirm that unauthenticated attackers can retrieve the serial number of smart meters associated with a specific user account, indicating an information disclosure vul...
CVE-2025-31941
Growatt Cloud Applications (China) is affected by an information-disclosure vulnerability described in multiple sources as CVE-2025-31941. The issue allows an unauthenticated attacker to obtain a list of smart devices by using a valid username, with affected versions up to 3.6.0 and prior (per CN...
CVE-2025-24850
Growatt Cloud Applications vulnerability CVE-2025-24850 allows exporting other users’ plant information due to improper access control/auth handling. Documented effects include exposure of user plant data and other sensitive information across API endpoints. Connected sources cite the advisory fr...
CVE-2025-27929
CVE-2025-27929 affects Growatt Cloud Applications. The connected sources confirm an unauthenticated attacker can retrieve the full list of users associated with arbitrary accounts, implying a potential authorization/identity exposure vulnerability. Public details specifically mention Growatt Clou...
CVE-2025-30254
CVE-2025-30254 affects Growatt Cloud Applications (noted in multiple feeds). The CSC-grade description shows an unauthenticated attacker can obtain a meter serial number by querying with a user’s username. CNNVD-202504-2298 specifies vulnerable versions up to 3.6.0 and earlier; other sources reit...
CVE-2025-31949
Growatt Cloud Applications (Growatt Cloud portal) is affected by CVE-2025-31949. An authenticated attacker can obtain arbitrary plant names by supplying a plant ID, indicating an access/validation weakness in the plant-name retrieval mechanism. Public details confirm vulnerable versions include 3...
CVE-2025-26857
CVE-2025-26857 affects Growatt Cloud Applications (vulnerable through 3.6.0 and earlier according to CNNVD). The flaw allows an unauthenticated attacker to rename arbitrary devices owned by any user (notably EV chargers) by exploiting insufficient input validation. Multiple connected sources (Red...
CVE-2025-30512
CVE-2025-30512 affects Growatt Cloud Applications (Growatt Cloud portal). Unauthenticated attackers can send configuration settings to a device and potentially perform physical actions remotely (e.g., power on/off). Multiple sources (CNVD/CNNVD, CVE records, and CSAs) describe this as an external...
CVE-2025-27938
Growatt Cloud Applications (Growatt Cloud portal) suffers an unauthenticated authorization bypass that allows access to restricted user “rooms” information. Public docs indicate this affects versions up to 3.6.0 (and prior) and that no patch version is specified; exploitation status not publicly ...
CVE-2025-30511
Growatt Cloud Applications (monitors) is affected by CVE-2025-30511. An authenticated attacker can trigger a stored XSS by exploiting improper sanitization of the plant name value when adding or editing a plant. Documented impact is stored XSS in user spaces; no exploit details are provided beyon...
CVE-2025-24315
CVE-2025-24315 concerns Growatt Cloud Applications. Several connected sources (CNVD-2025-14962, CNNVD-202504-2316, RH: Red Hat, CVE lists) describe an unauthenticated bystander vulnerability where an attacker can add devices of other users to scenes (or arbitrary scenes) in Growatt Cloud Applicat...
CVE-2025-27561
CVE-2025-27561 affects Growatt Cloud Applications (Growatt Cloud Portal). Multiple connected sources indicate that unauthenticated attackers can rename the target user’s “rooms,” with associated risk of unauthorized changes to user data and device groupings. Public records point to Growatt Cloud Appli...
CVE-2025-24297
CVE-2025-24297 affects Growatt Cloud Portal (Growatt Cloud Applications). Root cause: lack of server-side input validation leading to cross-site scripting. Vulnerable component/function: plant name handling during add/edit operations (stored XSS). Impact: attackers can inject JavaScript into user...
CVE-2025-27939
CVE-2025-27939 affects Growatt Cloud Applications (version 3.6.0 and earlier per CNNVD) where an attacker can change other users’ registered email addresses and take over arbitrary accounts. The connected sources confirm the issue exists across Growatt Cloud Apps and describe account takeover via...