Cyber Posture

CVE-2024-50698

Critical

Published: 24 January 2025

Modified: 29 May 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0100 77.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to a heap-based buffer overflow due to insufficient bounds checks of the MQTT message content.

Security Summary

CVE-2024-50698 is a heap-based buffer overflow vulnerability affecting SunGrow WiNet-SV200 firmware versions 001.00.P027 and earlier. The flaw stems from insufficient bounds checks on MQTT message content, as classified under CWE-122: Heap-based Buffer Overflow. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

Attackers can exploit this vulnerability remotely over the network with low attack complexity and without authentication, privileges, or user interaction. Successful exploitation could have a high impact on confidentiality, integrity, and availability, such as arbitrary code execution, device takeover, or denial of service on the affected WiNet-SV200 component.

The vendor has published a security notice with mitigation guidance at https://en.sungrowpower.com/security-notice-detail-2/5961. Security practitioners should consult this advisory for patching instructions and workarounds applicable to vulnerable SunGrow deployments.

Details

CWE(s)
CWE-122

Affected Products

Vendor: sungrowpower
Product: winet-s firmware
Versions: ≤ 200.001.00.p027

References