Published: 09/10/2019 Updated: 15/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An attacker could send a malicious link to an authenticated operator, which may allow remote malicious users to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sma sunny_webbox_firmware

# Exploit Title: SMA Solar Technology AG Sunny WebBox device - 16 - Cross-Site Request Forgery # Date: 2019-10-08 # Exploit Author: Borja Merino and Eduardo Villaverde # Vendor Homepage: wwwsmade # Version: Firmware Version 16 and prior # Tested on: Sunny WebBox SMA Solar Device (Firmware Version 16) # CVE : CVE-2019-13529 # ICS-Cert A ...

SMA Solar Technology AG Sunny WebBox device version 16 suffers from a cross site request forgery vulnerability ...

CWE-352 https://www.us-cert.gov/ics/advisories/icsa-19-281-01 http://packetstormsecurity.com/files/154789/SMA-Solar-Technology-AG-Sunny-WebBox-1.6-Cross-Site-Request-Forgery.html https://nvd.nist.gov https://www.exploit-db.com/exploits/47480

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-13529

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect