CVE-2025-36752
Undocumented Backdoor Account in Growatt ShineLan-X Dongle
Publication date: 2025-12-13
Last updated on: 2025-12-13
Assigner: Dutch Institute for Vulnerability Disclosure
Description
The Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials that allows a significant level of access to the device, such as allowing any attacker to access the Setting Center. This is effectively a backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| growatt | shinelan-x | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |