CVE-2017-9860
The CVE concerns SMA Solar Technology inverters (Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30). A lack of authentication allows firmware updates via Sunny Explorer or the SMAdata2+ protocol, enabling a forged firmware version to be accepted and the inverter to be fully compromised (poss...