CVE-2025-9696
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-04
Assigner: ICS-CERT
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the SunPower PVS6's BluetoothLE interface arises from the use of hardcoded encryption parameters and publicly accessible protocol details. This flaw allows an attacker within Bluetooth range to exploit the device's servicing interface, gaining full access to it. Through this access, the attacker can perform various malicious actions such as replacing firmware, disabling power production, modifying grid settings, creating SSH tunnels, changing firewall settings, and manipulating connected devices.
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized control over the device's functions. An attacker could disable power production, alter grid settings, replace firmware, and manipulate connected devices, potentially causing power outages, security breaches, and operational disruptions.