Sunny Boy 3000tl Firmware Security Vulnerabilities and Issues — Sunny Boy 3000tl Firmware CVE List

Lucene search

SmaSunny Boy 3000tl Firmware

7 matches found

CVE•added 2017/08/05 5:29 p.m.•88 views

CVE-2017-9856

An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOT...

9.8CVSS9.2AI score0.00176EPSS

CVE•added 2017/08/05 5:29 p.m.•50 views

CVE-2017-9861

An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the dev...

9.8CVSS9.4AI score0.00159EPSS

CVE•added 2017/08/05 5:29 p.m.•49 views

CVE-2017-9854

An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploi...

9.8CVSS9.2AI score0.00171EPSS

CVE•added 2017/08/05 5:29 p.m.•48 views

CVE-2017-9853

An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of chara...

9.8CVSS9.3AI score0.00327EPSS

CVE•added 2017/08/05 5:29 p.m.•42 views

CVE-2017-9855

An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer acc...

9.8CVSS9.4AI score0.00439EPSS

CVE•added 2017/08/05 5:29 p.m.•42 views

CVE-2017-9859

An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cra...

9.8CVSS9.2AI score0.00171EPSS

CVE•added 2017/08/05 5:29 p.m.•41 views

CVE-2017-9852

An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but ar...

9.8CVSS9.6AI score0.00327EPSS