
Growatt — Vulnerabilities & Security Advisories 38

Browse all 38 CVE security advisories affecting Growatt. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Growatt specializes in photovoltaic inverters and energy storage systems, serving as a critical infrastructure component for solar power generation and management. The company’s software ecosystem, particularly its monitoring platforms and mobile applications, has historically been susceptible to a wide array of vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection. These flaws often stem from inadequate input validation and weak authentication mechanisms within the web interfaces and API endpoints. With 38 Common Vulnerabilities and Exposures (CVEs) currently on record, the attack surface remains significant, exposing users to potential data breaches and unauthorized system control. While specific major public incidents are less documented than the vulnerability count suggests, the recurring nature of these security defects indicates systemic weaknesses in the development lifecycle. This persistent exposure highlights the need for rigorous security audits in IoT and industrial control systems to prevent exploitation by malicious actors seeking to disrupt energy operations or steal sensitive user data.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-36747 | Hardcoded FTP Credentials within the firmware | ShineLan-X | CWE-798 | 9.8 (AI) | Critical (AI) | 2025-12-13 |
| CVE-2025-36752 | Undocumented backup Account and No Password Configuration Capability | ShineLan-X | CWE-798 | 9.8 (AI) | Critical (AI) | 2025-12-13 |
| CVE-2025-36748 | Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X | ShineLan-X | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-13 |
| CVE-2025-36754 | Authentication bypass on web interface | ShineLan-X | CWE-290 | 7.4 (AI) | High (AI) | 2025-12-13 |
| CVE-2025-36750 | Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X | ShineLan-X | CWE-79 | 4.8 (AI) | Medium (AI) | 2025-12-13 |
| CVE-2025-36753 | SWD Interface Open on Growatt ShineLan-X | ShineLan-X | CWE-290 | 9.1 (AI) | Critical (AI) | 2025-12-13 |
| CVE-2025-36751 | Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X | ShineLan-X | CWE-311 | 7.4 (AI) | High (AI) | 2025-12-13 |
| CVE-2025-29757 | Growatt cloud service security vulnerability | https://oss.growatt.com | CWE-863 | 6.5 | - | 2025-07-19 |
| CVE-2025-27929 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-24315 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27561 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-30257 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31147 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31360 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 6.5 | Medium | 2025-04-15 |
| CVE-2025-30512 | Growatt Cloud portal External Control of System or Configuration Setting | Cloud portal | CWE-15 | 6.5 | Medium | 2025-04-15 |
| CVE-2025-27927 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-24297 | Growatt Cloud portal Cross-site Scripting | Cloud portal | CWE-79 | 9.8 | Critical | 2025-04-15 |
| CVE-2025-30510 | Growatt Cloud portal Insufficient Type Distinction | Cloud portal | CWE-351 | 9.8 | Critical | 2025-04-15 |
| CVE-2025-24850 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-25276 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27565 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27575 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31950 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31945 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-26857 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27719 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31654 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-30514 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27938 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27939 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | CWE-639 | 7.5 | High | 2025-04-15 |

This page lists every published CVE security advisory associated with Growatt. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.