An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.

Project Subscriptions

Vendors Products
Sunny Webbox Subscribe
Sunny Webbox Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2019-4984 An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 13 Jul 2026 17:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-07-13T16:27:49.134Z

Reserved: 2019-07-11T00:00:00.000Z

Link: CVE-2019-13529

cve-icon Vulnrichment

Updated: 2024-08-04T23:57:39.443Z

cve-icon NVD

Status : Modified

Published: 2019-10-09T16:15:14.310

Modified: 2026-06-17T02:16:55.020

Link: CVE-2019-13529

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses