The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the attacker to perform actions such as firmware replacement, disabling power production, modifying grid settings, creating SSH tunnels, altering firewall settings, and manipulating connected devices.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 02 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the attacker to perform actions such as firmware replacement, disabling power production, modifying grid settings, creating SSH tunnels, altering firewall settings, and manipulating connected devices. | |
Title | Use of Hard-coded Credentials in SunPower PVS6 | |
Weaknesses | CWE-798 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2025-09-02T17:39:59.231Z
Reserved: 2025-08-29T14:17:40.379Z
Link: CVE-2025-9696

Updated: 2025-09-02T17:39:56.706Z

Status : Received
Published: 2025-09-02T17:15:36.403
Modified: 2025-09-02T17:15:36.403
Link: CVE-2025-9696

No data.

No data.