Old versions of Sungrow Logger1000A/B products do not have a function to enforce default password changes for users, and users have not taken the initiative to modify the default password. Consequently, this creates a weak password security vulnerability, which could be exploited by attackers to gain access to sensitive device information.
Affected Versions
Vulnerability Rating
CVE-2025-4534:3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
The scoring is based on the CVSS 3.1 standard. The scoring criteria can be referenced at
(https://www.first.org/cvss/calculator/3.1)
Mitigation and Remediation
Recommended Action: We highly recommend that you log into the iSolarCloud for the available software update or contact your installer for assistance. Have the update installed and change the password and ensure it meets certain complexity requirements (Password length must be ≥8 characters, using at least three of the following combinations: uppercase letters, lowercase letters, special characters, and numbers.).
Patch Release: Available now.
Temporary Fix: Users can manually configure strong passwords, with a password length of ≥8 characters, including uppercase and lowercase letters, numbers, and symbols.
Acknowledgments
This vulnerability was discovered and reported by Sured4rag0n.
Statement
All software updates, patches, and documentation provided by Sungrow Power Supply Co., Ltd. are the proprietary work of Sungrow. These materials may only be used for product maintenance and security improvements. Any unauthorized modification, distribution, decompilation, or reverse engineering is strictly prohibited.
Sungrow makes no express or implied warranties regarding the information provided, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. Sungrow shall not be liable for any direct, indirect, incidental, or consequential damages arising from the use of this document or associated software.
Sungrow reserves the right to update or modify this document at any time without prior notice. Customers are responsible for implementing security updates in a timely manner to protect their systems.