📦 Isolarcloud

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in SunGrow iSolarCloud's powerStationService API model. Attackers can manipulate object references to access unauthorized da...

SunGrow iSolarCloud versions before October 31, 2024 contain an insecure direct object reference (IDOR) vulnerability in the devService API model. This allows attackers to access or manipulate data be...

This vulnerability allows attackers to bypass authorization and access unauthorized organizational data through the orgService API in SunGrow iSolarCloud. Organizations using iSolarCloud versions befo...

This vulnerability allows attackers to bypass authorization controls in SunGrow iSolarCloud's userService API, enabling unauthorized access to other users' data and potentially administrative function...

The SunGrow iSolarCloud Android app uses a weak AES encryption key with insufficient randomness, allowing attackers to decrypt communications between the mobile app and cloud service. This affects all...