An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor's position is that this "is not a security gap per se." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-05T17:00:00

Updated: 2024-08-05T17:18:02.106Z

Reserved: 2017-06-24T00:00:00

Link: CVE-2017-9858

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-08-05T17:29:00.647

Modified: 2024-11-21T03:37:00.853

Link: CVE-2017-9858

cve-icon Redhat

No data.