Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SMA Solar Technology Sunny Explorer和inverter 跨站请求伪造漏洞
Vulnerability Description
SMA Solar Technology Sunny Explorer是德国SMA公司的一款光伏设备管理软件。SMA Solar Technology inverter是德国SMA公司的一款光伏逆变器设备。 SMA Solar Technology Sunny Explorer及与Sunny Explorer有关联的inverter中存在跨站请求伪造漏洞。远程攻击者可利用该漏洞更改逆变器的设置。
CVSS Information
N/A
Vulnerability Type
N/A