CVE-2021-34543

HIGH

Solar-Log 500 < 2.8.2 - Unauthenticated Administrative Access

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-34543. PoCs published by Luca.Chiou.

AI-analyzed exploit summary This exploit describes an incorrect access control vulnerability in Solar-Log 500 devices prior to version 2.8.2 Build 52, allowing unauthenticated access to administrative functions via the /lan.html endpoint.

Description

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.

Exploits (1)

exploitdb WRITEUP
by Luca.Chiou · textwebappsmultiple
https://www.exploit-db.com/exploits/49986

This exploit describes an incorrect access control vulnerability in Solar-Log 500 devices prior to version 2.8.2 Build 52, allowing unauthenticated access to administrative functions via the /lan.html endpoint.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Solar-Log 500 all versions prior to 2.8.2 Build 52
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/49986
Product, Release Notes, Vendor Advisory
https://www.solar-log.com/en/support/firmware/

Scores

CVSS v3 7.5
EPSS 0.0288
EPSS Percentile 85.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-306
Status published
Products (2)
bkw/solar-log_500_firmware 2.8.2 build_50
bkw/solar-log_500_firmware < 2.8.1
Published Dec 07, 2021
Tracked Since Feb 18, 2026