PT-2017-19224 · SMA Solar Technology · Sunny Boy TLST-21 +2

Willem Westerhof · Published 2017-08-05 · Updated 2024-08-05 · CVE-2017-9858

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SMA Solar Technology products, specifically Sunny Boy TLST-21, TL-21, and Sunny Tripower TL-10, TL-30

Description

An issue in SMA Solar Technology products allows determination of active and inactive user accounts by sending crafted packets to an inverter and observing the response. This information can aid in further attacks, such as brute force attacks, by identifying existing user accounts.

Recommendations

For Sunny Boy TLST-21, TL-21, and Sunny Tripower TL-10, TL-30, consider implementing additional security measures to prevent brute force attacks, such as account lockout policies or rate limiting on login attempts, until a more comprehensive solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-9858

Affected Products

Sunny Boy TLST-21
Sunny Tripower TL-10
Sunny Tripower TL-30