Browse all 38 CVE security advisories affecting Growatt. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Growatt specializes in photovoltaic inverters and energy storage systems, serving as a critical infrastructure component for solar power generation and management. The company’s software ecosystem, particularly its monitoring platforms and mobile applications, has historically been susceptible to a wide array of vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection. These flaws often stem from inadequate input validation and weak authentication mechanisms within the web interfaces and API endpoints. With 38 Common Vulnerabilities and Exposures (CVEs) currently on record, the attack surface remains significant, exposing users to potential data breaches and unauthorized system control. While specific major public incidents are less documented than the vulnerability count suggests, the recurring nature of these security defects indicates systemic weaknesses in the development lifecycle. This persistent exposure highlights the need for rigorous security audits in IoT and industrial control systems to prevent exploitation by malicious actors seeking to disrupt energy operations or steal sensitive user data.
This page lists every published CVE security advisory associated with Growatt. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.