CVE-2025-36751
📋 TL;DR
Growatt ShineLan-X and MIC 3300TL-X inverters lack encryption on their configuration interface, allowing network-accessible attackers to intercept and potentially manipulate communication between the inverter and cloud services. This affects organizations and individuals using these specific Growatt inverter models for solar power systems.
💻 Affected Systems
- Growatt ShineLan-X
- Growatt MIC 3300TL-X
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could manipulate inverter settings to cause physical damage, disrupt power generation, steal sensitive operational data, or use the device as an entry point to internal networks.
Likely Case
Attackers intercept configuration data and operational metrics, potentially enabling unauthorized monitoring of power generation or manipulation of inverter parameters.
If Mitigated
With proper network segmentation and access controls, impact is limited to monitoring of unencrypted traffic, without the ability to manipulate systems.
🎯 Exploit Status
Exploitation requires network access to the device but no authentication. Basic network sniffing tools can intercept unencrypted traffic.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://csirt.divd.nl/CVE-2025-36751/
Restart Required: No
Instructions:
1. Monitor Growatt vendor communications for firmware updates.
2. Apply firmware updates when available.
3. Verify encryption is enabled post-update.
🔧 Temporary Workarounds
Network Segmentation
Isolate inverter devices on separate VLANs with strict firewall rules limiting access to authorized management systems only.
VPN Tunnel for Management
Route all inverter management traffic through encrypted VPN tunnels to protect configuration communications.
🧯 If You Can't Patch
- Segment inverter network from other critical systems using firewalls with strict ingress/egress rules
- Implement network monitoring to detect unauthorized access attempts to inverter management interfaces
🔍 How to Verify
Check if Vulnerable:
Use network monitoring tools (Wireshark, tcpdump) to capture traffic between inverter and cloud endpoint. Check if configuration traffic is unencrypted (plain HTTP, unencrypted protocols).
Check Version:
Check device firmware version through manufacturer's management interface or physical device display.
Verify Fix Applied:
After applying vendor updates, verify configuration traffic shows encrypted protocols (HTTPS, TLS) and no plaintext configuration data is visible.
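One way to triage a capture for both the "Check if Vulnerable" and "Verify Fix Applied" steps, as an added example that is not from the vendor or the advisory: it labels the first payload bytes of each TCP flow as TLS, plaintext HTTP, other plaintext, or unrecognised binary. It assumes the payloads have already been exported from Wireshark or tcpdump; the flow names and sample bytes are constructed and do not reflect the inverter's real protocol.

```python
import string

# TLS record header: content type (1 byte), legacy version (2), length (2).
TLS_CONTENT_TYPES = {20, 21, 22, 23}   # change_cipher_spec, alert, handshake, application_data
MAX_TLS_RECORD = 2**14 + 2048          # largest ciphertext record allowed by TLS 1.2
HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"HTTP/")
PRINTABLE = set(string.printable.encode())


def looks_like_tls(payload: bytes) -> bool:
    """True if the payload begins with a plausible TLS record header."""
    if len(payload) < 5:
        return False
    content_type, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (content_type in TLS_CONTENT_TYPES and major == 3
            and minor <= 4 and length <= MAX_TLS_RECORD)


def classify(payload: bytes) -> str:
    """Label the first payload bytes of a TCP flow."""
    if not payload:
        return "empty"
    if looks_like_tls(payload):
        return "tls"
    if payload.startswith(HTTP_STARTS):
        return "plaintext-http"
    printable = sum(b in PRINTABLE for b in payload) / len(payload)
    if printable >= 0.9:
        return "plaintext-other"
    # Binary but not TLS: could be a proprietary cleartext protocol, so it
    # still needs manual review and is not evidence of encryption.
    return "unknown-binary"


def unencrypted_flows(flows):
    """Return (flow_id, label) for every flow not recognised as TLS."""
    return [(fid, label) for fid, data in flows
            if (label := classify(data)) != "tls"]


# Constructed sample payloads (not captured from a real inverter).
SAMPLE_FLOWS = [
    ("flow-1", bytes.fromhex("16030100c8010000c40303") + bytes(32)),
    ("flow-2", b"POST /config HTTP/1.1\r\nHost: example.invalid\r\n\r\nparam=value"),
    ("flow-3", bytes.fromhex("00010006012fa3c4ff00")),
    ("flow-4", b"key1=value1;key2=value2\n"),
]

if __name__ == "__main__":
    for fid, label in unencrypted_flows(SAMPLE_FLOWS):
        print(f"{fid}: {label}")
```

A flow labelled `unknown-binary` is not proof of encryption; only a recognised TLS record header followed by a completed handshake in the capture supports that conclusion.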
📡 Detection & Monitoring
Log Indicators:
- Unusual configuration changes
- Multiple failed authentication attempts to management interface
- Unexpected network connections to inverter IPs
Network Indicators:
- Unencrypted HTTP traffic to inverter management ports
- Traffic patterns inconsistent with normal inverter operation
- External IP addresses accessing internal inverter management interfaces
SIEM Query:
source_ip IN (inverter_ips) AND (protocol="http" OR port IN [management_ports]) AND NOT destination_ip IN [authorized_management_ips]