Victor Fidalgo

**Name of the Vulnerable Software and Affected Versions** Sunny WebBox Firmware versions 1.6 and prior **Description** The issue allows remote attackers to perform actions with the permissions of the user. This can be achieved by sending a malicious link to an authenticated operator. The device's use of IP addresses to maintain communication after a successful login increases the ease of exploitation. The vulnerability is related to cross-site request forgery, which may allow a remote attacker to elevate their privileges using a specially crafted malicious link. **Recommendations** For Sunny WebBox Firmware versions 1.6 and prior, consider restricting access to the device to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid clicking on links from untrusted sources while logged in to the device. At the moment, there is no information about a newer version that contains a fix for this vulnerability.