cvedb.io
CVE-2017-9858
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2017-08-05T17:29:00.647 · Last modified 2026-06-17T01:29:03.880

Summary

An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor's position is that this "is not a security gap per se." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Affected products

sma — sunny_boy_3600_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when sma ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.