CVE-2019-13529
published 2019-10-09


Priority: P355 high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 2.23% (80.5th percentile)
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| sma | sunny_webbox_firmware | <= 1.6 | |
| sma_solar_technology_ag | sunny_webbox | | |

CVSS provenance

nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P