Primary

Context

SMA Sunny Boy Directory Traversal Vulnerability Allowing Unauthorized File Access

Vulnerability

Patched

A directory traversal vulnerability has been identified in SMA Sunny Boy inverter models 3.0, 3.6, 4.0, 5.0, and 6.0, all versions prior to 3.10.27.R. This vulnerability allows authorized remote attackers to access files and directories outside the intended web root, potentially exposing sensitive system information from the affected devices.

Impact

Exploitation of this vulnerability allows authenticated users to access restricted files and directories, potentially leading to the disclosure of sensitive system information.

Remediation

Users are advised to update the firmware to version 3.10.27.R or later.

Added: Aug 27, 2025, 8:16 AM

Updated: Aug 27, 2025, 8:16 AM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SMA Sunny Boy Directory Traversal Vulnerability Allowing Unauthorized File Access

Vulnerability

Impact

Remediation

Affected Products

SMA Sunny Boy 3.0

SMA Sunny Boy 3.6

SMA Sunny Boy 4.0

SMA Sunny Boy 5.0

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating