Cyber Posture

CVE-2024-50694

Critical

Published: 24 January 2025

Modified: 29 May 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0081 (74.3th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-50694 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Sungrowpower Winet-S Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 25.7% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-10 mandates validation of information inputs such as the MQTT timestamp to enforce bounds checking and prevent stack-based buffer overflows.

Prevent: SI-16 provides memory protections like stack canaries or DEP that mitigate exploitation of stack buffer overflows by preventing arbitrary code execution.

Prevent: SI-2 ensures timely identification, reporting, and patching of flaws like this buffer overflow vulnerability in the SunGrow WiNet-SV200 software.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote exploitation of a network-exposed MQTT service via buffer overflow leading to RCE without auth.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow.

Deeper analysis

CVE-2024-50694 is a stack-based buffer overflow vulnerability (CWE-121) affecting SunGrow WiNet-SV200.001.00.P027 and earlier versions. The issue arises when the software copies a timestamp extracted from an MQTT message into a fixed-size buffer without performing bounds checks, potentially allowing arbitrary data to overflow the stack.

Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By sending a specially crafted MQTT message containing an oversized timestamp, an attacker could overwrite stack memory, potentially leading to remote code execution, denial of service, or loss of data confidentiality and system integrity.

SunGrow has published a security notice detailing the vulnerability at https://en.sungrowpower.com/security-notice-detail-2/5961, which serves as the primary reference for affected users seeking mitigation guidance or patches.
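
The bounds and format check that SI-10 calls for on the timestamp field, shown as an added example; it is not SunGrow firmware code and does not come from the vendor notice. The 16-byte buffer, the digits-only timestamp format, and the function names are assumptions made for illustration.

```c
/* Added example, not vendor code; buffer size and field format are assumed. */
#include <stdio.h>
#include <string.h>

#define TS_BUF_LEN 16  /* assumed size of the fixed stack buffer */

enum ts_status { TS_OK = 0, TS_EMPTY, TS_TOO_LONG, TS_BAD_CHAR };

/* Copy a length-delimited timestamp field taken from a message payload
 * into dst. The field is not assumed to be NUL-terminated: its length
 * comes from the message parser, never from strlen() on sender data. */
enum ts_status copy_timestamp(const unsigned char *field, size_t field_len,
                              char *dst, size_t dst_cap)
{
    if (dst == NULL || dst_cap == 0)
        return TS_TOO_LONG;
    dst[0] = '\0';                  /* fail closed: dst is always a valid string */
    if (field == NULL || field_len == 0)
        return TS_EMPTY;
    if (field_len >= dst_cap)       /* keep one byte for the terminator */
        return TS_TOO_LONG;
    for (size_t i = 0; i < field_len; i++)
        if (field[i] < '0' || field[i] > '9')
            return TS_BAD_CHAR;     /* reject malformed input, do not truncate */
    memcpy(dst, field, field_len);
    dst[field_len] = '\0';
    return TS_OK;
}

/* Handler shape: the stack buffer is only ever written through the
 * checked copy, with its real capacity passed alongside it. */
int handle_timestamp(const unsigned char *field, size_t field_len)
{
    char ts[TS_BUF_LEN];
    enum ts_status st = copy_timestamp(field, field_len, ts, sizeof ts);
    if (st != TS_OK) {
        fprintf(stderr, "timestamp rejected: status=%d len=%zu\n", (int)st, field_len);
        return -1;                  /* drop the message */
    }
    printf("timestamp accepted: %s\n", ts);
    return 0;
}

int main(void)
{
    const unsigned char ok[] = "1737676800";   /* constructed sample value */
    unsigned char big[64];
    memset(big, '7', sizeof big);               /* constructed oversized field */
    return handle_timestamp(ok, sizeof ok - 1) == 0 && handle_timestamp(big, sizeof big) == -1 ? 0 : 1;
}
```

Logging the rejected length gives defenders a signal for oversized timestamp fields arriving at the MQTT service.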

Details

CWE(s)

Affected Products

sungrowpower winet-s firmware ≤ 200.001.00.p027

CVEs Like This One

CVE-2024-50695 (Same product: Sungrowpower Winet-S)
CVE-2024-50698 (Same product: Sungrowpower Winet-S)
CVE-2024-50696 (Same product: Sungrowpower Winet-S)
CVE-2024-50697 (Same product: Sungrowpower Winet-S)
CVE-2024-50693 (Same vendor: Sungrowpower)
CVE-2024-50685 (Same vendor: Sungrowpower)
CVE-2024-50686 (Same vendor: Sungrowpower)
CVE-2025-70219 (Shared CWE-121)
CVE-2025-61128 (Shared CWE-121)
CVE-2019-25319 (Shared CWE-121)
