Description
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.
Published: 2019-10-09
Score: 8.8 High
EPSS: 2.2% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2019-4984 An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.
History

Mon, 13 Jul 2026 17:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Subscriptions

Sma Sunny Webbox Sunny Webbox Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-07-13T16:27:49.134Z

Reserved: 2019-07-11T00:00:00.000Z

Link: CVE-2019-13529

cve-icon Vulnrichment

Updated: 2024-08-04T23:57:39.443Z

cve-icon NVD

Status : Modified

Published: 2019-10-09T16:15:14.310

Modified: 2026-06-17T02:16:55.020

Link: CVE-2019-13529

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)