Unrated severityNVD Advisory· Published Dec 13, 2025· Updated Jan 7, 2026

Undocumented backup Account and No Password Configuration Capability

CVE-2025-36752

Description

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growatt ShineLan-X communication dongle.

Affected products

Growatt/Shinelan Xv5
Range: 3.6.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

csirt.divd.nl/CVE-2025-36752/mitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000