CVE-2025-36751

9.4

Critical

Published:13 Dec 2025

Last updated:17 Jun 2026

Source:csirt@divd.nl

Deferred

Weakness (CWE)

CWE-311CWE-311

CVSS Vector

v4.0

Attack Vector: Adjacent
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint.

References

csirt@divd.nl

https://csirt.divd.nl/CVE-2025-36751/