DIVD-2025-00009 - Sungrow's iSolarCloud MQTT lacking permissions
Field | Value |
---|---|
Our reference | DIVD-2025-00009 |
Case lead | Frank Breedijk |
Researcher(s) | |
CVE(s) | |
Products | |
Versions | |
Recommendation | The vulnerability has been patched by SunGrow on 6 June 2025 |
Patch status | Fully patched |
Status | Open |
Last modified | 11 Jun 2025 09:25 CEST |
Summary
Harm van den Brink, DIVD volunteer, in his capacity as researcher at ENCS has discovered a vulnerability in SunGrow's iSolarCloud that allowed a malicious user to subscribe to, and read, all data sent to the underlying MQTT server by the SunGrow devices connected to it.
The credentials for the MQTT server, as well as the RSA decryption key, could be extracted from the JavaScript code and DOM of the iSolarCloud website. Using these credentials a malicious user could subscribe to the `#` (match-everything) topic filter of the MQTT server and thus receive all data from all connected devices. Using the RSA decryption key obtained in the same manner, the messages from all topics could be decrypted as well.
The vulnerability has been patched by SunGrow on 6 June 2025, and exploitation is no longer possible.
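The root cause described above is a broker that let one shared set of credentials subscribe to `#`. As an added example, not code from DIVD, ENCS or SunGrow, the following Python sketches the authorization check a broker (or an auth plugin in front of it) should apply: a device's requested subscription filter is granted only if every topic it can match lies inside that device's own namespace. The `devices/<id>/...` topic layout and the per-device allow-list are assumptions, not the iSolarCloud scheme.

```python
# Broker-side subscription authorization for per-device MQTT topics.
# Constructed example: the "devices/<id>/..." layout and the allow-list are
# assumptions, not the iSolarCloud topic scheme.

def validate_filter(topic_filter: str) -> bool:
    """Wildcards must occupy a whole level and '#' may only be the last level."""
    levels = topic_filter.split("/")
    clean = all(lv in ("#", "+") or not set("#+") & set(lv) for lv in levels)
    return clean and "#" not in levels[:-1]

def filter_matches(topic_filter: str, topic: str) -> bool:
    """True if `topic` is matched by `topic_filter` (MQTT 3.1.1 section 4.7)."""
    f, t = topic_filter.split("/"), topic.split("/")
    if f[0] in ("#", "+") and topic.startswith("$"):
        return False  # wildcards never match $SYS-style topics
    for i, level in enumerate(f):
        if level == "#":
            return True  # '#' also matches the parent level itself
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def filter_covered_by(requested: str, allowed: str) -> bool:
    """True if every topic matched by `requested` is also matched by `allowed`."""
    r, a = requested.split("/"), allowed.split("/")
    for i, allowed_level in enumerate(a):
        if allowed_level == "#":
            return True
        if i >= len(r):
            return False  # allowed filter is deeper than the request
        if r[i] in ("#", "+") and allowed_level != r[i]:
            return False  # request is broader than the allow-list at this level
        if allowed_level not in ("+", r[i]):
            return False
    return len(r) == len(a)

def authorize_subscription(device_id: str, requested: str) -> bool:
    """Allow a device to subscribe only within its own topic namespace."""
    allowed = [f"devices/{device_id}/#"]  # assumed per-device allow-list
    return validate_filter(requested) and any(
        filter_covered_by(requested, a) for a in allowed
    )

if __name__ == "__main__":
    for req in ("#", "devices/+/telemetry", "devices/inv-001/#"):
        verdict = "allow" if authorize_subscription("inv-001", req) else "deny"
        print(f"{req!r}: {verdict}")
```

The same coverage check applies to publish ACLs; a shared browser-side credential should in any case map to a read-only, single-namespace identity rather than to the broker's full topic tree.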
What you can do
There is no action needed by SunGrow customers. The vulnerability has been patched by SunGrow.
What we are doing
DIVD has reported the vulnerability to SunGrow on behalf of ENCS and, in its role as CNA, has registered CVE-2025-29756.
Timeline
Date | Description |
---|---|
28 Mar 2025 | Vulnerability reported to DIVD by ENCS |
10 Apr 2025 | DIVD reaches out to SunGrow |
23 Apr 2025 | 2nd attempt of DIVD to reach out to SunGrow, SunGrow replies |
23 Apr 2025 | DIVD sends vulnerability report to SunGrow |
24 Apr 2025 | SunGrow acknowledges receipt of report |
23 Apr 2025 - 24 Apr 2025 | Time to acknowledge |
20 May 2025 | Meeting between SunGrow, DIVD and ENCS to clarify vulnerability |
21 May 2025 | SunGrow confirms vulnerability as found by ENCS |
06 Jun 2025 | SunGrow patches the vulnerability |
24 Apr 2025 - 06 Jun 2025 | Time to patch |