{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T14:13:58.421","vulnerabilities":[{"cve":{"id":"CVE-2019-13529","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2019-10-09T16:15:14.310","lastModified":"2024-11-21T04:25:05.087","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation."},{"lang":"es","value":"Un atacante podría enviar un enlace malicioso a un operador autenticado, lo que puede permitir a atacantes remotos realizar acciones con los permisos del usuario en Sunny WebBox versión de firmware 1.6 y anteriores. Este dispositivo utiliza direcciones IP para mantener la comunicación después de un inicio de sesión con éxito, lo que incrementaría la facilidad de explotación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sma:sunny_webbox_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.6","matchCriteriaId":"03ADE62A-867D-4F4D-BA85-B0C1B8D9C0A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sma:sunny_webbox:-:*:*:*:*:*:*:*","matchCriteriaId":"640FCE11-8A7C-4582-BEF5-42C4F3B8DEDA"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154789/SMA-Solar-Technology-AG-Sunny-WebBox-1.6-Cross-Site-Request-Forgery.html","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-19-281-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://packetstormsecurity.com/files/154789/SMA-Solar-Technology-AG-Sunny-WebBox-1.6-Cross-Site-Request-Forgery.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-19-281-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}