CVE-2024-1890

Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier...

Code injection

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which...

CVE-2019-13529

CVE-2019-13529 affects SMA Solar Technology Sunny WebBox (Firmware 1.6 and prior). The vulnerability is Cross-Site Request Forgery (CSRF) where an attacker entices an authenticated operator to click a malicious link, enabling actions with the user’s permissions. Affected devices use IP-based comm...

CVE-2019-13529

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which...