Zurück zur CVE-Übersicht
CVE-2021-46416
HIGH(8.1)CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Risk Signal Score22/100 — NIEDRIG
- CVSS 8.1 — Hoch
EPSS-Score
7%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
8.1
Technische Schwere
Beschreibung
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.
Referenzen
- http://packetstormsecurity.com/files/166670/SAM-SUNNY-TRIPOWER-5.0-Insecure-Dire...
- https://drive.google.com/drive/folders/1BPULhDC_g__seH_VnQlVtkrKdOLkXdzV?usp=sha...
- https://www.sma.de/en/products/solarinverters/sunny-tripower-30-40-50-60.html
- http://packetstormsecurity.com/files/166670/SAM-SUNNY-TRIPOWER-5.0-Insecure-Dire...
- https://drive.google.com/drive/folders/1BPULhDC_g__seH_VnQlVtkrKdOLkXdzV?usp=sha...
- https://www.sma.de/en/products/solarinverters/sunny-tripower-30-40-50-60.html
- http://packetstormsecurity.com/files/166670/SAM-SUNNY-TRIPOWER-5.0-Insecure-Dire...