Vulnerabilities > CVE-2024-1890 - Unspecified vulnerability in SMA Cluster Controller Firmware and Sunny Webbox Firmware

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sma

NVD

Published: 2024-02-26

Updated: 2025-02-27

Summary

Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier.

Vulnerable Configurations

Part	Description	Count
OS	Sma SMA Cluster Controller Firmware 01.05.01.R SMA Sunny Webbox Firmware *	2
Hardware	Sma SMA Cluster Controller * SMA Sunny Webbox *	2

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products