CVE-2021-46416

Опубликовано: 07 апр. 2022

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.

Ссылки

http://packetstormsecurity.com/files/166670/SAM-SUNNY-TRIPOWER-5.0-Insecure-Direct-Object-Reference.html
Exploit
Third Party Advisory
VDB Entry
https://drive.google.com/drive/folders/1BPULhDC_g__seH_VnQlVtkrKdOLkXdzV?usp=sharing
Exploit
Third Party Advisory
https://www.sma.de/en/products/solarinverters/sunny-tripower-30-40-50-60.html
Product
Vendor Advisory
http://packetstormsecurity.com/files/166670/SAM-SUNNY-TRIPOWER-5.0-Insecure-Direct-Object-Reference.html
Exploit
Third Party Advisory
VDB Entry
https://drive.google.com/drive/folders/1BPULhDC_g__seH_VnQlVtkrKdOLkXdzV?usp=sharing
Exploit
Third Party Advisory
https://www.sma.de/en/products/solarinverters/sunny-tripower-30-40-50-60.html
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sma:sunny_tripower_firmware:3.10.16.r:*:*:*:*:*:*:*

cpe:2.3:h:sma:sunny_tripower:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06286

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-468h-qqc5-v34c