An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-05T17:00:00

Updated: 2024-08-05T17:18:01.938Z

Reserved: 2017-06-24T00:00:00

Link: CVE-2017-9854

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-08-05T17:29:00.520

Modified: 2024-11-21T03:36:59.933

Link: CVE-2017-9854

cve-icon Redhat

No data.