EUVD-2021-34684

Malicious code in bioql PyPI...

CVE-2021-4459

An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...

CVE-2021-4459

An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...

CVE-2021-4459

CVE-2021-4459 is a directory traversal vulnerability in SMA Sunny Boy inverters. The issue allows an authenticated remote attacker to access files/directories outside the web root, potentially exposing sensitive system information on affected Sunny Boy devices. The CVE is described with the title...

CVE-2021-4459 SMA: Directory Traversal in Sunny Boy <3.10.27.R

An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...

SMA Solar Technology AG Sunny Boy 安全漏洞

SMA Solar Technology AG Sunny Boy is a photovoltaic inverter from SMA Solar Technology AG, Germany. A security vulnerability exists in the SMA Solar Technology AG Sunny Boy that stems from improper access control and could lead to the disclosure of sensitive system information...

PT-2025-34841 · Sma Solar Technology · Sunny Boy

Name of the Vulnerable Software and Affected Versions: Sunny Boy affected versions not specified Description: An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected devices. Recommendations: A...

CVE-2017-9853

An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of...

CVE-2017-9854

An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...

CVE-2017-9855

An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer...

CVE-2017-9857

An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be...

CVE-2017-9858

An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks such as a brute force attack as one now knows exactly which users exist and which do no...

CVE-2017-9859

An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This...

CVE-2017-9861

An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the...

CVE-2017-9862

An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An...

CVE-2017-9863

An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters for example, issuing a POST request to change the user password. All Sunny Explorer...

CVE-2017-9864

An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policies and random-number generators based on timestamps, and makes timestamps for data analysis...

Design/Logic Flaw

DISPUTED An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports...

Design/Logic Flaw

DISPUTED An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny...

Authentication flaw

DISPUTED An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the...