CVE-2025-36752

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumentedcredentialswhichallows significant level access to the device, such asallowing any attacker to access the SettingCenter. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
DIVDCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://csirt.divd.nl/CVE-2025-36752/