Home

Description

SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information.

PUBLISHED Reserved 2025-04-15 | Published 2025-12-12 | Updated 2025-12-12 | Assigner DIVD




LOW: 2.4CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N

Problem types

CWE-1295: Debug Messages Revealing Unnecessary Information

Product status

Default status
unaffected

4.0 (semver) before 4.22
affected

Credits

Alexandros Tokatlis (ENCS) finder

Victor Pasman (DIVD) analyst

References

csirt.divd.nl/CVE-2025-36744 third-party-advisory

csirt.divd.nl/DIVD-2025-00022/ third-party-advisory

cve.org (CVE-2025-36744)

nvd.nist.gov (CVE-2025-36744)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.