Investigators Unearth Weaknesses in Solarman and Deye Solar Systems

AndyC 13 August 2024

August 12, 2024Ravie LakshmananCritical Infrastructure / Vulnerability

Security experts have uncovered various weaknesses in photovoltaic system management platforms operated by Chinese enterprises Solarman and Deye that could empower nefarious i

Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

August 12, 2024Ravie LakshmananCritical Infrastructure / Vulnerability

Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

Security experts have uncovered various weaknesses in photovoltaic system management platforms operated by Chinese enterprises Solarman and Deye that could empower nefarious individuals to induce disturbances and electricity outages.

“Should these vulnerabilities be exploited, an attacker could manipulate inverter settings to cause disruptions in the grid, potentially leading to blackouts,” pointed out Bitdefender researchers in a report released last week.

The vulnerabilities have been resolved by Solarman and Deye in July 2024, subsequent to responsible disclosure on May 22, 2024.

The cybersecurity provider from Romania, which scrutinized the two PV monitoring and management platforms, revealed a variety of concerns that might result in unauthorized account access and disclosure of information.

Cybersecurity

A succinct overview of the issues is outlined below –

  • Complete Account Takeover through Manipulation of Authorization Token Using the /oauth2-s/oauth/token API endpoint
  • Reuse of Deye Cloud Token
  • Exposure of Information via /group-s/acc/org API Endpoint
  • Pre-set Account with Unrestricted Device Access (account: “SmartConfigurator@solarmanpv.com” / password: 123456)
  • Leakage of Information through /user-s/acc/org API Endpoint
  • Possible Unauthorized Generation of Authorization Token
Solarman and Deye Solar Systems

Successful exploitation of these vulnerabilities could give attackers control over any Solarman account, reuse JWTs from Deye Cloud to gain unauthorized access to Solarman accounts, and access confidential information about all registered organizations.

Cybersecurity

They could also retrieve details about any Deye device, access confidential data of registered users, and even create authentication tokens for any user on the platform, significantly compromising its secrecy and reliability.

“Malicious actors can commandeer accounts and manipulate solar inverters, disrupting power generation and potentially causing voltage fluctuations,” explained the researchers.

“Sensitive data about users and organizations may be exposed, leading to privacy breaches, data collection, targeted phishing attacks or other malicious operations. By tampering with settings on solar inverters, attackers could trigger widespread disruptions in electricity distribution, affecting grid stability and possibly resulting in blackouts.”

Enjoyed reading this article? Connect with us on Twitter and LinkedIn for more exclusive content.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

AndyC 20 December 2025
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

AndyC 20 December 2025
Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

AndyC 20 December 2025
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

AndyC 20 December 2025
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

AndyC 19 December 2025
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

AndyC 19 December 2025

You may have missed

Amazon Warns Perncious Fake North Korea IT Worker Threat Has Become Widespread

Randall Munroe’s XKCD ‘Fifteen Years’

AndyC 20 December 2025
Why AppSec Can’t Keep Up With AI-Generated Code

Google Shutting Down Dark Web Report Met with Mixed Reactions

AndyC 20 December 2025
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.