Home

Description

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands.

PUBLISHED Reserved 2025-04-15 | Published 2025-12-12 | Updated 2025-12-18 | Assigner DIVD




HIGH: 8.6CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE‑1191 — On‑Chip Debug and Test Interface With Improper Access Control

Product status

Default status
unaffected

4.0 (semver) before 4.22
affected

Credits

Hamid Rahmouni (ENCS) finder

Victor Pasman (DIVD) analyst

References

csirt.divd.nl/CVE-2025-36743 third-party-advisory

csirt.divd.nl/DIVD-2025-00022/ third-party-advisory

cve.org (CVE-2025-36743)

nvd.nist.gov (CVE-2025-36743)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.