Sma Solar Technology · Sunny Webbox Firmware · CVE-2019-13529
**Name of the Vulnerable Software and Affected Versions**
Sunny WebBox Firmware versions 1.6 and prior
**Description**
The issue allows remote attackers to perform actions with the permissions of the user. This can be achieved by sending a malicious link to an authenticated operator. The device's use of IP addresses to maintain communication after a successful login increases the ease of exploitation. The vulnerability is related to cross-site request forgery, which may allow a remote attacker to elevate their privileges using a specially crafted malicious link.
**Recommendations**
For Sunny WebBox Firmware versions 1.6 and prior, consider restricting access to the device to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid clicking on links from untrusted sources while logged in to the device. At the moment, there is no information about a newer version that contains a fix for this vulnerability.