PT-2019-3961 · Sma Solar Technology · Sunny Webbox Firmware

Borja Merino +3

Published 2019-10-08 · Updated 2019-10-15

CVE-2019-13529

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the vulnerable software and affected versions: Sunny WebBox Firmware versions 1.6 and prior

Description: A remote attacker can perform actions with the privileges of an authenticated operator by sending that operator a malicious link while they are logged in to the device. The weakness is cross-site request forgery (CSRF): the operator's browser submits the forged request, and the device accepts it as if the operator had made it. Because the device identifies the logged-in operator by source IP address after a successful login rather than by a secret, per-session token, the forged request needs nothing the attacker cannot obtain simply by having the operator's browser send it, which makes exploitation easier. The outcome is that the attacker can elevate their privileges through a specially crafted link, consistent with the CVSS vector above (network-reachable, no privileges required, user interaction required).

Recommendations: For Sunny WebBox Firmware versions 1.6 and prior, restrict network access to the device's web interface to the hosts that need it until a patch is available. As a temporary workaround, operators should avoid following links from untrusted sources while logged in to the device and should log out when finished. At the time of writing, no newer version containing a fix for this vulnerability is known.
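The following is an added example, not code from the advisory or from SMA; it models the CSRF pattern the description reports (a session keyed to the client's IP address) next to a hardened variant, so the effect of the weakness can be seen end to end. The `Request` class, the `/login` and `/cfg` paths, the password and the origin `https://webbox.example` are all constructed for the demonstration and are not documented Sunny WebBox endpoints or credentials.

```python
"""Constructed model of an IP-keyed web session (CSRF-prone) and a hardened one.

Nothing here is taken from the Sunny WebBox firmware; paths, credentials
and request shapes are hypothetical."""
import hmac
import secrets


class Request:
    """Minimal HTTP request model (constructed for this example)."""

    def __init__(self, client_ip, method, path, headers=None, cookies=None, form=None):
        self.client_ip = client_ip
        self.method = method
        self.path = path
        self.headers = headers or {}
        self.cookies = cookies or {}
        self.form = form or {}


class IpBoundDevice:
    """Web UI that, after login, trusts every request arriving from the operator's IP.

    This is the pattern the advisory describes. '/cfg' is a hypothetical
    state-changing endpoint, not a documented WebBox path."""

    PASSWORD = "sma"  # constructed credential for the demo

    def __init__(self):
        self.logged_in_ips = set()
        self.settings = {}

    def login(self, req):
        if req.form.get("password") == self.PASSWORD:
            self.logged_in_ips.add(req.client_ip)
            return 200
        return 401

    def handle(self, req):
        if req.client_ip not in self.logged_in_ips:
            return 401
        if req.method == "POST" and req.path == "/cfg":
            self.settings.update(req.form)  # no CSRF token, no Origin check
            return 200
        return 404


class HardenedDevice:
    """Same UI with a random session cookie, a per-session CSRF token and an Origin check."""

    PASSWORD = "sma"

    def __init__(self, own_origin="https://webbox.example"):
        self.own_origin = own_origin
        self.sessions = {}  # session id -> CSRF token
        self.settings = {}

    def login(self, req):
        if req.form.get("password") != self.PASSWORD:
            return 401, None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = secrets.token_urlsafe(32)
        # Real server would emit: Set-Cookie: session=<sid>; HttpOnly; SameSite=Strict
        return 200, {"session": sid, "csrf_token": self.sessions[sid]}

    def handle(self, req):
        sid = req.cookies.get("session")
        if sid not in self.sessions:
            return 401
        if req.method == "POST":
            origin = req.headers.get("Origin")
            if origin is not None and origin != self.own_origin:
                return 403  # cross-site form post
            if not hmac.compare_digest(req.form.get("csrf_token", ""), self.sessions[sid]):
                return 403  # missing or wrong per-session token
            if req.path == "/cfg":
                self.settings.update({k: v for k, v in req.form.items() if k != "csrf_token"})
                return 200
        return 404


def simulate():
    """Run the forged request against both models; returns status codes and resulting state."""
    operator_ip = "192.0.2.10"
    results = {}

    # 1. IP-bound device: the operator logs in, then opens an attacker page whose
    #    hidden form auto-posts to the device from the same browser, hence the same IP.
    dev = IpBoundDevice()
    dev.login(Request(operator_ip, "POST", "/login", form={"password": "sma"}))
    forged = Request(operator_ip, "POST", "/cfg",
                     headers={"Origin": "https://attacker.example"},
                     form={"admin_password": "pwned"})
    results["ip_bound_forged"] = dev.handle(forged)
    results["ip_bound_settings"] = dict(dev.settings)
    # The same request from another IP fails: the attack needs the operator's browser.
    results["ip_bound_other_ip"] = dev.handle(
        Request("198.51.100.7", "POST", "/cfg", form={"admin_password": "pwned"}))

    # 2. Hardened device: legitimate post succeeds, forgeries fail.
    hd = HardenedDevice()
    _, creds = hd.login(Request(operator_ip, "POST", "/login", form={"password": "sma"}))
    legit = Request(operator_ip, "POST", "/cfg", headers={"Origin": hd.own_origin},
                    cookies={"session": creds["session"]},
                    form={"admin_password": "new", "csrf_token": creds["csrf_token"]})
    results["hardened_legit"] = hd.handle(legit)
    # Cross-site forgery: even if the browser attached the cookie, the Origin check fails.
    forged_origin = Request(operator_ip, "POST", "/cfg",
                            headers={"Origin": "https://attacker.example"},
                            cookies={"session": creds["session"]},
                            form={"admin_password": "pwned"})
    results["hardened_forged_origin"] = hd.handle(forged_origin)
    # Forgery with no Origin header still lacks the per-session token.
    forged_no_token = Request(operator_ip, "POST", "/cfg",
                              cookies={"session": creds["session"]},
                              form={"admin_password": "pwned"})
    results["hardened_forged_no_token"] = hd.handle(forged_no_token)
    results["hardened_settings"] = dict(hd.settings)
    return results


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

The IP-bound model accepts the forged configuration change because the only thing it checks, the source address, is supplied by the victim's own browser. The hardened model binds the session to a random cookie, requires a per-session token that an attacker's page cannot read, and rejects cross-site `Origin` values; with `SameSite=Strict` on the cookie a current browser would not even attach the session to the forged post, which is a third, independent layer.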

Exploit

CSRF


Weakness Enumeration

Related identifiers

BDU:2019-04477
CVE-2019-13529

Affected products

Sunny Webbox Firmware