PT-2017-19225 · SMA Solar Technology · TL-30 +3
Willem Westerhof · Published 2017-08-05 · Updated 2024-08-05 · CVE-2017-9859
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SMA Solar Technology products, specifically Sunny Boy TLST-21, TL-21, Sunny Tripower TL-10, and TL-30 (affected versions not specified)
Description
An issue was discovered in SMA Solar Technology products: the inverters use a weak hashing algorithm to protect passwords for REGISTER requests. The hash can be cracked relatively easily with offline crackers, allowing an attacker to obtain the password. The cracked password can then be used to register at the SMA servers.
Recommendations
For Sunny Boy TLST-21, TL-21, Sunny Tripower TL-10, and TL-30, consider changing the password regularly and using a strong password to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Use of a Broken Cryptographic Algorithm
Related Identifiers
Affected Products
Sunny Boy TLST-21
Sunny Tripower TL-10
TL-21
TL-30