Home

Description

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.

PUBLISHED Reserved 2025-04-15 | Published 2025-12-13 | Updated 2025-12-16 | Assigner DIVD




CRITICAL: 9.4CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-798 Use of Hard-coded Credentials

Product status

Default status
unaffected

3.6.0.0 (semver)
affected

Credits

Alexandros Tokatlis finder

Victor Pasman analyst

References

csirt.divd.nl/CVE-2025-36752/ third-party-advisory

cve.org (CVE-2025-36752)

nvd.nist.gov (CVE-2025-36752)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.