CVE-2019-13529

HIGH

SMA Sunny WebBox Firmware < 1.6 - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-13529. PoCs published by Borja Merino.

AI-analyzed exploit summary: This is a CSRF exploit targeting SMA Solar Technology AG Sunny WebBox devices with firmware version 1.6 or prior. It submits a malicious form to change network settings without user interaction.

Description

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.

Exploits (1)

exploitdb · WORKING POC
by Borja Merino · text · webapps · hardware
https://www.exploit-db.com/exploits/47480

Classification
Working PoC: 100%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: SMA Solar Technology AG Sunny WebBox (Firmware Version 1.6 and prior)
No auth needed
Prerequisites: Victim must visit a malicious webpage while authenticated to the target device
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-281-01

Scores

CVSS v3: 8.8
EPSS: 0.0223
EPSS Percentile: 80.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): sma/sunny_webbox_firmware < 1.6
Published: Oct 09, 2019
Tracked Since: Feb 18, 2026