Auth bypass in Sungrow Isolarcloud
CVE-2025-29756
SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in plac…
Vulnerability class: Broken Access Control
EPSS: 0.002 (10.9th percentile) — read the EPSS interpretation.
Affected products
- Sungrow Isolarcloud — versions 0
Weakness classification (CWE)
References
- csirt@divd.nl (technical-description, third-party-advisory)
- csirt@divd.nl (third-party-advisory)
- csirt@divd.nl (product)