6.9
CVE-2025-27575 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.
0.0
CVE-2025-35997 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
6.9
CVE-2025-31950 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain EV charger energy consumption information of other users.
6.9
CVE-2025-31945 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain other users' charger information.
6.9
CVE-2025-26857 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
0.0
CVE-2025-31942 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
6.9
CVE-2025-27719 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can query an API endpoint and get device details.
6.9
CVE-2025-31654 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").
6.9
CVE-2025-30514 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").
6.9
CVE-2025-27938 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").