
【Security Advisory】Sungrow Logger1000A/B has a weak password vulnerability (CVE-2025-4534) 

Publish Date: 20250520

Product: Logger1000A/B

CVE ID: CVE-2025-4534

Severity: Low

Date: 20250520

Description

Older versions of Sungrow Logger1000A/B products do not force users to change the default password, and users have not changed it on their own initiative. The result is a weak-password vulnerability that attackers could exploit to gain access to sensitive device information.

Affected Versions

Vulnerable: All versions LOGGER-SV300.001.00.P033 and prior

Not Affected: LOGGER-SV300.001.00.P034 and later

Vulnerability Rating

CVE-2025-4534: 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

The scoring is based on the CVSS 3.1 standard. The scoring criteria can be referenced at

Mitigation and Remediation

Recommended Action: We highly recommend that you log in to iSolarCloud for the available software update or contact your installer for assistance. Have the update installed and change the password, ensuring that the new password meets the complexity requirements: the password length must be ≥8 characters, and it must use at least three of the following: uppercase letters, lowercase letters, special characters, and numbers.

Patch Release: Available now.

Temporary Fix: Users can manually configure strong passwords, with a password length of ≥8 characters, including uppercase and lowercase letters, numbers, and symbols.
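For operators with several loggers, the sketch below triages an inventory against the affected-version boundary and checks a candidate password against the complexity rule stated above. It is an added example, not Sungrow code. The firmware string pattern, the field-by-field numeric ordering, the treatment of any non-alphanumeric character as "special", and the site names are assumptions.

```python
import re

# Assumption: firmware strings follow the pattern shown in the advisory,
# LOGGER-SV<a>.<b>.<c>.P<n>, and releases order numerically field by field.
FW_RE = re.compile(r"^LOGGER-SV(\d+)\.(\d+)\.(\d+)\.P(\d+)$")
FIXED = (300, 1, 0, 34)  # LOGGER-SV300.001.00.P034, first unaffected release


def is_affected(version):
    """True if older than the fixed release, None if the string is unparseable."""
    m = FW_RE.match(version.strip())
    if m is None:
        return None  # unknown format: flag for manual review, never assume safe
    return tuple(int(g) for g in m.groups()) < FIXED


def meets_policy(password):
    """Advisory rule: length >= 8 and at least three of four character classes."""
    classes = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),  # assumption: non-alphanumeric = special
    )
    return len(password) >= 8 and sum(classes) >= 3


def triage(inventory):
    """Map each device name to 'update', 'ok' or 'review'."""
    actions = {True: "update", False: "ok", None: "review"}
    return {name: actions[is_affected(fw)] for name, fw in inventory.items()}


# Constructed sample inventory (hypothetical site names, not real devices).
SAMPLE = {
    "site-a": "LOGGER-SV300.001.00.P033",
    "site-b": "LOGGER-SV300.001.00.P034",
    "site-c": "LOGGER-SV300.001.00.P021",
    "site-d": "unknown",
}

if __name__ == "__main__":
    for device, action in triage(SAMPLE).items():
        print(f"{device}: {action}")
```

An "ok" result covers the firmware version only; the password on that device still has to be changed from the default as described in the recommended action.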

Acknowledgments

This vulnerability was discovered and reported by Sured4rag0n.

Statement

All software updates, patches, and documentation provided by Sungrow Power Supply Co., Ltd. are the proprietary work of Sungrow. These materials may only be used for product maintenance and security improvements. Any unauthorized modification, distribution, decompilation, or reverse engineering is strictly prohibited.

Sungrow makes no express or implied warranties regarding the information provided, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. Sungrow shall not be liable for any direct, indirect, incidental, or consequential damages arising from the use of this document or associated software.

Sungrow reserves the right to update or modify this document at any time without prior notice. Customers are responsible for implementing security updates in a timely manner to protect their systems.