Sign-up

ID

VAR-202501-4123


CVE

CVE-2024-50694


TITLE

SUNGROW  of  WiNet-S  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-024442

DESCRIPTION

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow. SUNGROW of WiNet-S A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-50694 // JVNDB: JVNDB-2024-024442 // CNVD: CNVD-2025-03253

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-03253

AFFECTED PRODUCTS

vendor:sungrowpowermodel:winet-sscope:ltversion:200.001.00.p027

Trust: 1.0

vendor:sungrowmodel:winet-sscope:eqversion:winet-s firmware 200.001.00.p027

Trust: 0.8

vendor:sungrowmodel:winet-sscope:eqversion: -

Trust: 0.8

vendor:sungrowmodel:winet-sscope: - version: -

Trust: 0.8

vendor:sungrowmodel:winet-s <=v200.001.00.p027scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-03253 // JVNDB: JVNDB-2024-024442 // NVD: CVE-2024-50694

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-50694
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-024442
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-03253
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-03253
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-50694
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-024442
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-03253 // JVNDB: JVNDB-2024-024442 // NVD: CVE-2024-50694

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-024442 // NVD: CVE-2024-50694

PATCH

title:Patch for SunGrow WiNet-S Stored Message Stack Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/656711

Trust: 0.6

sources: CNVD: CNVD-2025-03253

EXTERNAL IDS

db:NVDid:CVE-2024-50694

Trust: 3.2

db:JVNid:JVNVU94142821

Trust: 0.8

db:ICS CERTid:ICSA-25-072-12

Trust: 0.8

db:JVNDBid:JVNDB-2024-024442

Trust: 0.8

db:CNVDid:CNVD-2025-03253

Trust: 0.6

sources: CNVD: CNVD-2025-03253 // JVNDB: JVNDB-2024-024442 // NVD: CVE-2024-50694

REFERENCES

url:https://en.sungrowpower.com/security-notice-detail-2/5961

Trust: 2.4

url:https://jvn.jp/vu/jvnvu94142821/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-50694

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-12

Trust: 0.8

sources: CNVD: CNVD-2025-03253 // JVNDB: JVNDB-2024-024442 // NVD: CVE-2024-50694

SOURCES

db:CNVDid:CNVD-2025-03253
db:JVNDBid:JVNDB-2024-024442
db:NVDid:CVE-2024-50694

LAST UPDATE DATE

2025-05-31T22:44:02.281000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-03253date:2025-02-20T00:00:00
db:JVNDBid:JVNDB-2024-024442date:2025-05-30T07:17:00
db:NVDid:CVE-2024-50694date:2025-05-29T16:02:20.297

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-03253date:2025-02-21T00:00:00
db:JVNDBid:JVNDB-2024-024442date:2025-05-30T00:00:00
db:NVDid:CVE-2024-50694date:2025-01-24T23:15:09