All 7 CVE vulnerabilities found in ShineLan-X, with AI-generated Chinese analysis, references, and POCs.
Vendor: Growatt
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-36747 | Hardcoded FTP Credentials within the firmware CWE-798 | 9.8AI | CriticalAI | 2025-12-13 |
| CVE-2025-36752 | Undocumented backup Account and No Password Configuration Capability CWE-798 | 9.8AI | CriticalAI | 2025-12-13 |
| CVE-2025-36754 | Authentication bypass on web interface CWE-290 | 7.4AI | HighAI | 2025-12-13 |
| CVE-2025-36748 | Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X CWE-79 | 5.4AI | MediumAI | 2025-12-13 |
| CVE-2025-36750 | Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X CWE-79 | 4.8AI | MediumAI | 2025-12-13 |
| CVE-2025-36753 | SWD Interface Open on Growatt ShineLan-X CWE-290 | 9.1AI | CriticalAI | 2025-12-13 |
| CVE-2025-36751 | Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X CWE-311 | 7.4AI | HighAI | 2025-12-13 |
All 7 known CVE vulnerabilities affecting ShineLan-X with full Chinese analysis, references, and POCs where available.