Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
SunPower did not respond to CISA's attempt to coordinate these vulnerabilities. Users should contact SunPower https://us.sunpower.com/contact-us for more information.
Wed, 03 Sep 2025 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Sunpower
Sunpower pvs6 |
|
Vendors & Products |
Sunpower
Sunpower pvs6 |
Tue, 02 Sep 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 02 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the attacker to perform actions such as firmware replacement, disabling power production, modifying grid settings, creating SSH tunnels, altering firewall settings, and manipulating connected devices. | |
Title | Use of Hard-coded Credentials in SunPower PVS6 | |
Weaknesses | CWE-798 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2025-09-02T17:39:59.231Z
Reserved: 2025-08-29T14:17:40.379Z
Link: CVE-2025-9696

Updated: 2025-09-02T17:39:56.706Z

Status : Awaiting Analysis
Published: 2025-09-02T17:15:36.403
Modified: 2025-09-04T15:36:56.447
Link: CVE-2025-9696

No data.

Updated: 2025-09-03T20:27:12Z