CVE-2024-11025
MEDIUMSMA Sunny Central Storage < 10.01.18.R - Authenticated SQL Injection via Administration Panel
Title source: llmDescription
An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device.
References (1)
Core 1
Core References
Various Sources
https://certvde.com/en/advisories/VDE-2024-074
Scores
CVSS v3
5.4
EPSS
0.0024
EPSS Percentile
14.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (50)
SMA/Sunny Central SC 1760-US
< 10.01.18.R
SMA/Sunny Central SC 1850-US
< 10.01.18.R
SMA/Sunny Central SC 2000 EV-US
< 10.01.18.R
SMA/Sunny Central SC 2000-US
< 10.01.18.R
SMA/Sunny Central SC 2200-US
< 10.01.18.R
SMA/Sunny Central SC 2500 EV-US
< 10.01.18.R
SMA/Sunny Central SC 2660 UP
< 10.01.18.R
SMA/Sunny Central SC 2660 UP-US
< 10.01.18.R
SMA/Sunny Central SC 2750 EV-US
< 10.01.18.R
SMA/Sunny Central SC 2750 UP-US
< 10.01.18.R
... and 40 more
Published
Nov 27, 2024
Tracked Since
Feb 18, 2026