CVE-2024-50696
Published: 26 February 2025
Summary
CVE-2024-50696 is a high-severity Download of Code Without Integrity Check (CWE-494) vulnerability in Sungrowpower Winet-S Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 36.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
SI-7 requires verification of firmware integrity using defined tools and techniques before installation, directly mitigating the missing integrity checks that enable bogus firmware updates via MQTT.
CM-14 mandates the use of digitally signed components for firmware, preventing the installation of unsigned malicious firmware downloaded from an attacker-controlled server.
CM-3 establishes configuration change control processes that review and approve firmware upgrades, blocking unauthorized updates triggered by crafted MQTT messages.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Missing firmware integrity checks (CWE-494) directly enable remote unauthorized update via MQTT (T1190) and malicious system firmware installation for persistence (T1542.001).
NVD Description
SunGrow WiNet-S V200.001.00.P025 and earlier versions are missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on an attacker-controlled server.
Deeper analysis [AI]
CVE-2024-50696 affects SunGrow WiNet-S firmware versions V200.001.00.P025 and earlier, where integrity checks are missing during firmware upgrades. This vulnerability, classified under CWE-494 (Download of Code Without Integrity Check), enables an attacker to send a specific MQTT message that triggers an unauthorized firmware update to a SunGrow inverter or WiNet connectivity dongle using a bogus firmware file hosted on an attacker-controlled server. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), highlighting its high integrity impact potential over the network.
An unauthenticated attacker with network access can exploit this flaw remotely with low complexity and no user interaction required. By crafting and sending the targeted MQTT message, the attacker can force the device to download and install malicious firmware, compromising the integrity of the inverter or dongle. This could lead to persistent control, altered device behavior, or further attacks on connected systems, though confidentiality and availability impacts are none per the CVSS vector.
SunGrow has published a security notice at https://en.sungrowpower.com/security-notice-detail-2/6140 detailing the vulnerability, which security practitioners should consult for recommended mitigations, patches, or workarounds.
Details
- CWE(s)