CVE-2017-9861

CRITICAL

SMA Sunny Boy and Sunny Tripower Firmware - Unauthenticated SIP Replay and Packet Injection

Title source: llm
STIX 2.1

Description

An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0141
EPSS Percentile 69.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-74
Status published
Products (39)
sma/sunny_boy_1.5_firmware
sma/sunny_boy_2.5_firmware
sma/sunny_boy_3.0_firmware
sma/sunny_boy_3.6_firmware
sma/sunny_boy_3000tl_firmware
sma/sunny_boy_3600_firmware
sma/sunny_boy_3600tl_firmware
sma/sunny_boy_4.0_firmware
sma/sunny_boy_4000tl_firmware
sma/sunny_boy_5.0_firmware
... and 29 more
Published Aug 05, 2017
Tracked Since Feb 18, 2026