CVE-2025-29756
MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received. An attack with an account on iSolarCloud.com could extract MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic '#' and thus recieve all messages from all connected devices.
Reserved 2025-03-11 | Published 2025-06-11 | Updated 2025-06-11 | Assigner DIVDHarm van den Brink (DIVD)
Frank Breedijk (DIVD)
ENCS (https://encs.eu/)
csirt.divd.nl/CVE-2025-29756
csirt.divd.nl/DIVD-2025-00009
isolarcloud.com
Support options
