CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-8893: Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully...

7.3 CVSS

Description

Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1.

Classification

CVE ID: CVE-2024-8893

CVSS Base Severity: HIGH

CVSS Base Score: 7.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor: GoodWe Technologies Co., Ltd.

Product: GW1500‑XS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.99% (scored less or equal to compared to others)

EPSS Date: 2025-03-15 (when was this score calculated)

References

https://os-s.net/publications/advisories/CVE-2024-8893.pdf

Timeline

2025-02-15 00:32:24 UTC
CVE

Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully...