Missing Encryption of Sensitive Data

CVE-2025-36751

High

9.4/10

Summary

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint.

Attack Complexity: LOW
Attack Vector: ADJACENT
User Interaction: NONE
Privileges Required: NONE

CWE-311 - Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission.

References

Advisory Timeline

Published Dec 13, 2025

Missing Encryption of Sensitive Data

CVE-2025-36751

Summary

CWE-311 - Missing Encryption of Sensitive Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS