CVE-2024-50694

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 24, 2025

Updated: Feb 5, 2025

CWE ID 121

Summary

CVE-2024-50694 is a newly identified vulnerability affecting SunGrow WiNet-SV200.001.00.P027 and older versions. The issue lies in the way the software handles MQTT messages, with the timestamp extracted from these messages being copied into a buffer without proper bounds checking. This can result in a stack-based buffer overflow, potentially leading to arbitrary code execution or system crashes. The vulnerability could be exploited remotely, posing a significant risk to affected installations. It is strongly recommended that users update their SunGrow software to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database