CVE-2024-28756 Information

Description

The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.

Reference

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1