3 matches found
Cross site request forgery (csrf)
DISPUTED An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters for example, issuing a POST request to change the user password. All Sunny...
CVE-2017-9863
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters for example, issuing a POST request to change the user password. All Sunny Explorer...
CVE-2017-9863
SMA Solar Technology Sunny Explorer-related CSRF vulnerability (CVE-2017-9863) affects Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30. When a user runs Sunny Explorer and visits a malicious host, an unauthenticated attacker can exploit cross-site request forgery to change inverter setting...