CVE-2021-4459

Summary

An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.

Affected Software

VendorProductVersion RangeStatus
SMABoy 3.00.0.0 < 3.10.27.Raffected
SMABoy 3.60.0.0 < 3.10.27.Raffected
SMABoy 4.00.0.0 < 3.10.27.Raffected
SMABoy 5.00.0.0 < 3.10.27.Raffected
SMABoy 6.00.0.0 < 3.10.27.Raffected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References