CRITICAL🇵🇱 Wersja polska

CVE-2017-9860

CVSS 9.8v3.0pub. 2017-08-05upd. 2026-05-13

An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sma Sunny Boy 1.5

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 1.5 Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 2.5

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 2.5 Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3.0

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3000tl

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3000tl Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3.0 Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3.6

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3600

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3600 Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3600tl

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3600tl Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 3.6 Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 4.0

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 4000tl

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 4000tl Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 4.0 Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 5.0

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 5000

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 5000 Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 5000tl

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy 5000tl Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy 5.0 Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Boy Storage 2.5

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Boy Storage 2.5 Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Central 1000cp Xt

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Central 1000cp Xt Firmware

    OS
    Sma
    wszystkie wersje
  • Sma Sunny Central 2200

    HW
    Sma
    wszystkie wersje
  • Sma Sunny Central 2200 Firmware

    OS
    Sma
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2017-9852CRITICAL9.8ten sam produkt

An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exis...

CVE-2017-9854CRITICAL9.8ten sam produkt

An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, p...

CVE-2017-9855CRITICAL9.8ten sam produkt

An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for I...

CVE-2017-9853CRITICAL9.8ten sam produkt

An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for t...

CVE-2017-9859CRITICAL9.8ten sam produkt

An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm t...