CVE-2024-28756 - Vulnerability Details - OpenCVE

The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00061.

Key SSVC decision points have not yet been added.

Vendors	Products
Solaredge	Mysolaredge

Configuration 1 [-]

cpe:2.3:a:solaredge:mysolaredge:*:*:*:*:*:android:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt

History

Tue, 17 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Solaredge Solaredge mysolaredge
CPEs		cpe:2.3:a:solaredge:mysolaredge::::::android::*
Vendors & Products		Solaredge Solaredge mysolaredge

Wed, 28 Aug 2024 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-21T00:00:00

Updated: 2024-08-28T13:58:03.507Z

Reserved: 2024-03-10T00:00:00

Link: CVE-2024-28756

Vulnrichment

Updated: 2024-08-02T00:56:58.075Z

NVD

Status : Analyzed

Published: 2024-03-21T21:15:10.550

Modified: 2025-06-17T13:47:54.133

Link: CVE-2024-28756

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-28756", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-28T13:58:03.507Z", "dateReserved": "2024-03-10T00:00:00", "datePublished": "2024-03-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-21T21:03:37.183181"}, "descriptions": [{"lang": "en", "value": "The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt"}, {"url": "https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:A/A:N/C:H/I:L/PR:N/S:U/UI:N", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.075Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt", "tags": ["x_transferred"]}, {"url": "https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "affected": [{"vendor": "solaredge", "product": "mysolaredge", "cpes": ["cpe:2.3:a:solaredge:mysolaredge:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.20.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-28T16:59:23.677137Z", "id": "CVE-2024-28756", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T13:58:03.507Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt", "tags": ["x_transferred"]}, {"url": "https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.075Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28756", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-28T16:59:23.677137Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:solaredge:mysolaredge:*:*:*:*:*:*:*:*"], "vendor": "solaredge", "product": "mysolaredge", "versions": [{"status": "affected", "version": "0", "lessThan": "2.20.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T13:51:21.124Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AC:H/AV:A/A:N/C:H/I:L/PR:N/S:U/UI:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt"}, {"url": "https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1"}], "descriptions": [{"lang": "en", "value": "The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-21T21:03:37.183181"}}}, "cveMetadata": {"cveId": "CVE-2024-28756", "state": "PUBLISHED", "dateUpdated": "2024-08-28T13:58:03.507Z", "dateReserved": "2024-03-10T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-21T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solaredge:mysolaredge:*:*:*:*:*:android:*:*", "matchCriteriaId": "8F5024CB-BAF8-4D5D-8BC3-EB5A015DAD74", "versionEndExcluding": "2.20.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server."}, {"lang": "es", "value": "La aplicaci\u00f3n SolarEdge mySolarEdge anterior a 2.20.1 para Android tiene un problema de verificaci\u00f3n de certificado que permite a un atacante de m\u00e1quina en el medio (MitM) leer y alterar todo el tr\u00e1fico de red entre la aplicaci\u00f3n y el servidor."}], "id": "CVE-2024-28756", "lastModified": "2025-06-17T13:47:54.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2024-03-21T21:15:10.550", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}