CVE-2019-13529

Summary

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.

Affected Software

VendorProductVersion RangeStatus
SMA Solar Technology AGSunny WebBoxFirmware Version 1.6 and prioraffected

Weaknesses

  • CWE-352: CROSS-SITE REQUEST FORGERY (CSRF) CWE-352

ADP Enrichment

CVE Program Container

Additional References

References