Growatt Security Vulnerabilities (CVEs)

Track 20 security vulnerabilities affecting Growatt products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

5 Critical
2 High
13 Medium
CVE-2025-36750 (CVSS 5.4)

ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the Plant Name field that allows attackers to inject malicious HTML/JavaScrip...

Dec 13, 2025
CVE-2025-36752 (CVSS 9.8)

The Growatt ShineLan-X communication dongle contains an undocumented backup account with hardcoded credentials, creating a backdoor that allows attack...

Dec 13, 2025
CVE-2025-36753 (CVSS 9.8)

The SWD debug interface on Growatt ShineLan-X communication dongles is enabled by default, allowing attackers to gain debug access to extract secrets ...

Dec 13, 2025
CVE-2025-36747 (CVSS 9.8)

CVE-2025-36747 is a critical vulnerability in ShineLan-X firmware where hardcoded FTP credentials allow attackers to establish insecure connections. T...

Dec 13, 2025
CVE-2025-36748 (CVSS 5.4)

ShineLan-X's local configuration web server has a stored XSS vulnerability in the communication module settings center. Attackers can inject malicious...

Dec 13, 2025
CVE-2025-31360 (CVSS 6.5)

Unauthenticated attackers can trigger device actions associated with specific 'scenes' of arbitrary users, allowing them to manipulate smart home or I...

Apr 15, 2025
CVE-2025-31945 (CVSS 5.3)

An unauthenticated attacker can access other users' charger information through an authorization bypass vulnerability. This affects systems with vulne...

Apr 15, 2025
CVE-2025-30510 (CVSS 9.8)

This vulnerability allows attackers to upload arbitrary files instead of legitimate plant images in affected systems. This could lead to remote code e...

Apr 15, 2025
CVE-2025-27927 (CVSS 5.3)

This vulnerability allows unauthenticated attackers to enumerate smart devices by querying an unprotected API with a known username. It affects system...

Apr 15, 2025
CVE-2025-27575 (CVSS 5.3)

An unauthenticated attacker can retrieve EV charger version information and firmware upgrade history by knowing the charger's identifier. This informa...

Apr 15, 2025
CVE-2025-27561 (CVSS 5.3)

Unauthenticated attackers can rename rooms belonging to arbitrary users in affected systems. This authorization bypass vulnerability allows attackers ...

Apr 15, 2025
CVE-2025-24850 (CVSS 5.3)

This vulnerability allows an attacker to export other users' plant information from affected systems, potentially exposing sensitive operational data....

Apr 15, 2025
CVE-2025-24297 (CVSS 9.8)

This vulnerability allows attackers to inject malicious JavaScript code into users' personal spaces of a web portal due to insufficient server-side in...

Apr 15, 2025
CVE-2025-31941 (CVSS 5.3)

This vulnerability allows unauthenticated attackers to enumerate smart devices by knowing a valid username. It affects systems that expose smart devic...

Apr 15, 2025
CVE-2025-31357 (CVSS 5.3)

This vulnerability allows unauthenticated attackers to retrieve a user's plant list by simply knowing their username. It affects systems using vulnera...

Apr 15, 2025
CVE-2025-30254 (CVSS 5.3)

An unauthenticated attacker can retrieve smart meter serial numbers using only the owner's username, bypassing authentication requirements. This affec...

Apr 15, 2025
CVE-2025-30511 (CVSS 8.8)

An authenticated attacker can inject malicious scripts into the plant name field, which are then stored and executed when other users view the affecte...

Apr 15, 2025
CVE-2025-27938 (CVSS 5.3)

Unauthenticated attackers can access information about smart device collections (rooms) that should be restricted. This affects systems running vulner...

Apr 15, 2025
CVE-2025-27939 (CVSS 7.5)

This vulnerability allows attackers to change registered email addresses of other users, enabling account takeover. It affects systems with insufficie...

Apr 15, 2025
CVE-2025-24487 (CVSS 5.3)

This vulnerability allows unauthenticated attackers to determine which usernames exist in a system by querying a specific API. This affects systems ru...

Apr 15, 2025

Why Monitor Growatt Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 20+ known vulnerabilities affecting Growatt products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Growatt packages in under 60 seconds. No agents required - completely agentless scanning that works across Growatt deployments.

Free vulnerability database: Access detailed information about every Growatt CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Growatt CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions