Description
An attacker could send a malicious link to an authenticated operator, which may allow a remote attacker to perform actions with that operator's permissions on Sunny WebBox firmware version 1.6 and prior. The device uses IP addresses to maintain communication after a successful login, which increases the ease of exploitation.
Exploits (1)
exploitdb
WORKING POC
by Borja Merino · text · webapps · hardware
https://www.exploit-db.com/exploits/47480
Scores
CVSS v3
8.8
EPSS
0.0015
EPSS Percentile
35.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
sma/sunny_webbox_firmware
< 1.6
Published
Oct 09, 2019
Tracked Since
Feb 18, 2026