Vulnerabilities
Vulnerable Software
Growatt:  Security Vulnerabilities
Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).
CVSS Score
6.9
EPSS Score
0.006
Published
2025-04-15
An attacker can export other users' plant information.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
An unauthenticated attacker can hijack other users' devices and potentially control them.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal.
CVSS Score
9.3
EPSS Score
0.004
Published
2025-04-15
An unauthenticated attacker can check the existence of usernames in the system by querying an API.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
An authenticated attacker can obtain any plant name by knowing the plant ID.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
An unauthenticated attacker can obtain a user's plant list by knowing the username.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").
CVSS Score
6.9
EPSS Score
0.004
Published
2025-04-15
An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username.
CVSS Score
6.9
EPSS Score
0.004
Published
2025-04-15


Contact Us

Shodan ® - All rights reserved