1.61

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sma

NVD

Published: 2024-02-26

Updated: 2025-03-11

Summary

Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier.

Vulnerable Configurations

Part	Description	Count
OS	Sma SMA Sunny Webbox Firmware 1.6 SMA Sunny Webbox Firmware 1.61	2
Hardware	Sma SMA Sunny Webbox *	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products