VDE-2025-066
Vulnerability from csaf_smasolartechnologyag - Published: 2025-08-27 08:00 - Updated: 2025-08-27 08:00
Summary
SMA: Directory Traversal in Sunny Boy
Notes
Summary: A security researcher discovered a directory traversal vulnerability in Sunny Boy 3 that allows remote attackers to access sensitive information. As the Impact note and the CVSS vector (PR:L) indicate, the attacker must be authenticated.
The vulnerability has been fixed since January 2021, in firmware version 3.10.27.R.
Impact: An authenticated user can access files and directories outside the intended web root.
Remediation: Update Firmware to at least version 3.10.27.R.
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.
CVSS v3.1 base score: 6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vendor Fix
Update Firmware to version 3.10.27.R or newer.
References
Acknowledgments
CERT@VDE
certvde.com
KOIN Network
Ahmed Alroky
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Ahmed Alroky"
],
"organization": "KOIN Network",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A security researcher discovered a Directory Traversal vulnerability in Sunny Boy 3, which allows remote attackers to access sensitive information. \nThe vulnerability is already fixed since January 2021 with version 3.10.27.R. ",
"title": "Summary"
},
{
"category": "description",
"text": "An authenticated user can access files and directories outside the intended web root.",
"title": "Impact"
},
{
"category": "description",
"text": "Update Firmware to at least version 3.10.27.R.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "information-security@sma.de",
"name": "SMA Solar Technology AG",
"namespace": "https://sma.de"
},
"references": [
{
"category": "external",
"summary": "SMA PSIRT",
"url": "https://www.sma.de/cybersicherheit/produktsicherheit"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for SMA",
"url": "https://certvde.com/en/advisories/vendor/sma/"
},
{
"category": "self",
"summary": "VDE-2025-066: SMA: Directory Traversal in Sunny Boy - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-066"
},
{
"category": "self",
"summary": "VDE-2025-066: SMA: Directory Traversal in Sunny Boy - CSAF",
"url": "https://sma.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-066.json"
}
],
"title": "SMA: Directory Traversal in Sunny Boy",
"tracking": {
"aliases": [
"VDE-2025-066"
],
"current_release_date": "2025-08-27T08:00:00.000Z",
"generator": {
"date": "2025-08-21T09:10:39.333Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.33"
}
},
"id": "VDE-2025-066",
"initial_release_date": "2025-08-27T08:00:00.000Z",
"revision_history": [
{
"date": "2025-08-27T08:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Sunny Boy 3.0",
"product": {
"name": "Sunny Boy 3.0",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"SB3.0-1AV-41"
]
}
}
},
{
"category": "product_name",
"name": "Sunny Boy 3.6",
"product": {
"name": "Sunny Boy 3.6",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"SB3.6-1AV-41"
]
}
}
},
{
"category": "product_name",
"name": "Sunny Boy 4.0",
"product": {
"name": "Sunny Boy 4.0",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"SB4.0-1AV-41"
]
}
}
},
{
"category": "product_name",
"name": "Sunny Boy 5.0",
"product": {
"name": "Sunny Boy 5.0",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"SB5.0-1AV-41"
]
}
}
},
{
"category": "product_name",
"name": "Sunny Boy 6.0",
"product": {
"name": "Sunny Boy 6.0",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"SB6.0-1AV-41"
]
}
}
}
],
"category": "product_family",
"name": "Sunny Boy"
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.10.27.R",
"product": {
"name": "Firmware \u003c3.10.27.R",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "3.10.27.R",
"product": {
"name": "Firmware 3.10.27.R",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "SMA Solar Technology AG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.10.27.R installed on Sunny Boy 3.0",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.10.27.R installed on Sunny Boy 3.6",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.10.27.R installed on Sunny Boy 4.0",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.10.27.R installed on Sunny Boy 5.0",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.10.27.R installed on Sunny Boy 6.0",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.10.27.R installed on Sunny Boy 3.0",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.10.27.R installed on Sunny Boy 3.6",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.10.27.R installed on Sunny Boy 4.0",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.10.27.R installed on Sunny Boy 5.0",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.10.27.R installed on Sunny Boy 6.0",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4459",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices. ",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update Firmware to version 3.10.27.R or newer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005"
]
}
],
"title": "CVE-2021-4459"
}
]
}