📦 Cloud Portal
by Growatt
🔍 What is Cloud Portal?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows attackers to upload arbitrary files instead of legitimate plant images in affected systems. This could lead to remote code execution or system compromise. Industrial control ...
This vulnerability allows attackers to inject malicious JavaScript code into users' personal spaces of a web portal due to insufficient server-side input validation. This affects all users of the vuln...
An authenticated attacker can inject malicious scripts into the plant name field, which are then stored and executed when other users view the affected page. This stored cross-site scripting vulnerabi...
This vulnerability allows attackers to change registered email addresses of other users, enabling account takeover. It affects systems with insufficient authorization checks for email modification fun...
Unauthenticated attackers can trigger device actions associated with specific 'scenes' of arbitrary users, allowing them to manipulate smart home or IoT devices without authentication. This affects sy...
An unauthenticated attacker can access other users' charger information through an authorization bypass vulnerability. This affects systems with vulnerable charging management software where user data...
This vulnerability allows unauthenticated attackers to enumerate smart devices by querying an unprotected API with a known username. It affects systems with exposed smart device management interfaces,...
An unauthenticated attacker can retrieve EV charger version information and firmware upgrade history by knowing the charger's identifier. This information disclosure vulnerability affects electric veh...
Unauthenticated attackers can rename rooms belonging to arbitrary users in affected systems. This authorization bypass vulnerability allows attackers to disrupt legitimate users' workflows and potenti...
This vulnerability allows an attacker to export other users' plant information from affected systems, potentially exposing sensitive operational data. It affects users of specific industrial control s...
This vulnerability allows unauthenticated attackers to enumerate smart devices by knowing a valid username. It affects systems that expose smart device management interfaces without proper authorizati...
This vulnerability allows unauthenticated attackers to retrieve a user's plant list by simply knowing their username. It affects systems using vulnerable software that exposes this information without...
An unauthenticated attacker can retrieve smart meter serial numbers using only the owner's username, bypassing authentication requirements. This affects smart meter systems that expose this informatio...
Unauthenticated attackers can access information about smart device collections (rooms) that should be restricted. This affects systems running vulnerable versions of smart home/device management soft...
This vulnerability allows unauthenticated attackers to determine which usernames exist in a system by querying a specific API. This affects systems running vulnerable versions of the software that exp...