CVE-2024-11025

SMA: SQL injection in Sunny Central UP

Description

An authenticated attacker with low privileges may use a SQL injection vulnerability in the affected products' administration panel to gain read and write access to a specific log file of the device.

CVSS 3.1 score: 5.4
Severity: Medium
EPSS: 0.03%
Affected: SMA Sunny Central SC 1760-US
Affected: SMA Sunny Central SC 1850-US
Affected: SMA Sunny Central SC 2000 EV-US
Affected: SMA Sunny Central SC 2000-US
Affected: SMA Sunny Central SC-2200-10
Affected: SMA Sunny Central SC 2200-US
Affected: SMA Sunny Central SC-2475-10
Affected: SMA Sunny Central SC 2500 EV-US
Affected: SMA Sunny Central SC 2660 UP
Affected: SMA Sunny Central SC 2660 UP-US
Affected: SMA Sunny Central SC 2750 EV-US
Affected: SMA Sunny Central SC 2750 UP-US
Affected: SMA Sunny Central SC 2800 UP
Affected: SMA Sunny Central SC 2800 UP-US
Affected: SMA Sunny Central SC 2930 UP
Affected: SMA Sunny Central SC 2930 UP-US
Affected: SMA Sunny Central SC 3060 UP
Affected: SMA Sunny Central SC 3060 UP-US
Affected: SMA Sunny Central SC 4000 UP
Affected: SMA Sunny Central SC 4000 UP-US
Affected: SMA Sunny Central SC 4200 UP
Affected: SMA Sunny Central SC 4200 UP-US
Affected: SMA Sunny Central SC 4400 UP
Affected: SMA Sunny Central SC 4400 UP-JP
Affected: SMA Sunny Central SC 4400 UP-US
Affected: SMA Sunny Central SC 4600 UP
Affected: SMA Sunny Central SC 4600 UP-US
Affected: SMA Sunny Central Storage SCS-1900-10
Affected: SMA Sunny Central Storage SCS-2200-10
Affected: SMA Sunny Central Storage SCS 2300 UP-XT
Affected: SMA Sunny Central Storage SCS 2300 UP-XT-US
Affected: SMA Sunny Central Storage SCS 2400 UP-XT
Affected: SMA Sunny Central Storage SCS 2400 UP-XT-US
Affected: SMA Sunny Central Storage SCS-2475-10
Affected: SMA Sunny Central Storage SCS 2530 UP-XT
Affected: SMA Sunny Central Storage SCS 2530 UP-XT-US
Affected: SMA Sunny Central Storage SCS 2630 UP-XT
Affected: SMA Sunny Central Storage SCS 2630 UP-XT-US
Affected: SMA Sunny Central Storage SCS-2900-10
Affected: SMA Sunny Central Storage SCS 3450 UP
Affected: SMA Sunny Central Storage SCS 3450 UP-US
Affected: SMA Sunny Central Storage SCS 3450 UP-XT
Affected: SMA Sunny Central Storage SCS 3450 UP-XT-JP
Affected: SMA Sunny Central Storage SCS 3450 UP-XT-US
Affected: SMA Sunny Central Storage SCS 3600 UP
Affected: SMA Sunny Central Storage SCS 3600 UP-US
Affected: SMA Sunny Central Storage SCS 3600 UP-XT
Affected: SMA Sunny Central Storage SCS 3600 UP-XT-US
Affected: SMA Sunny Central Storage SCS 3800 UP
Affected: SMA Sunny Central Storage SCS 3800 UP-US
Affected: SMA Sunny Central Storage SCS 3800 UP-XT
Affected: SMA Sunny Central Storage SCS 3800 UP-XT-US
Affected: SMA Sunny Central Storage SCS 3950 UP
Affected: SMA Sunny Central Storage SCS 3950 UP-US
Affected: SMA Sunny Central Storage SCS 3950 UP-XT
Affected: SMA Sunny Central Storage SCS 3950 UP-XT-US

Frequently Asked Questions

What is the severity of CVE-2024-11025?
CVE-2024-11025 has been scored as a medium severity vulnerability.
How to fix CVE-2024-11025?
To fix CVE-2024-11025, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, no other specific guidelines are available.
Is CVE-2024-11025 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2024-11025 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-11025?
CVE-2024-11025 affects SMA Sunny Central SC 1760-US, SMA Sunny Central SC 1850-US, SMA Sunny Central SC 2000 EV-US, SMA Sunny Central SC 2000-US, SMA Sunny Central SC-2200-10, SMA Sunny Central SC 2200-US, SMA Sunny Central SC-2475-10, SMA Sunny Central SC 2500 EV-US, SMA Sunny Central SC 2660 UP, SMA Sunny Central SC 2660 UP-US, SMA Sunny Central SC 2750 EV-US, SMA Sunny Central SC 2750 UP-US, SMA Sunny Central SC 2800 UP, SMA Sunny Central SC 2800 UP-US, SMA Sunny Central SC 2930 UP, SMA Sunny Central SC 2930 UP-US, SMA Sunny Central SC 3060 UP, SMA Sunny Central SC 3060 UP-US, SMA Sunny Central SC 4000 UP, SMA Sunny Central SC 4000 UP-US, SMA Sunny Central SC 4200 UP, SMA Sunny Central SC 4200 UP-US, SMA Sunny Central SC 4400 UP, SMA Sunny Central SC 4400 UP-JP, SMA Sunny Central SC 4400 UP-US, SMA Sunny Central SC 4600 UP, SMA Sunny Central SC 4600 UP-US, SMA Sunny Central Storage SCS-1900-10, SMA Sunny Central Storage SCS-2200-10, SMA Sunny Central Storage SCS 2300 UP-XT, SMA Sunny Central Storage SCS 2300 UP-XT-US, SMA Sunny Central Storage SCS 2400 UP-XT, SMA Sunny Central Storage SCS 2400 UP-XT-US, SMA Sunny Central Storage SCS-2475-10, SMA Sunny Central Storage SCS 2530 UP-XT, SMA Sunny Central Storage SCS 2530 UP-XT-US, SMA Sunny Central Storage SCS 2630 UP-XT, SMA Sunny Central Storage SCS 2630 UP-XT-US, SMA Sunny Central Storage SCS-2900-10, SMA Sunny Central Storage SCS 3450 UP, SMA Sunny Central Storage SCS 3450 UP-US, SMA Sunny Central Storage SCS 3450 UP-XT, SMA Sunny Central Storage SCS 3450 UP-XT-JP, SMA Sunny Central Storage SCS 3450 UP-XT-US, SMA Sunny Central Storage SCS 3600 UP, SMA Sunny Central Storage SCS 3600 UP-US, SMA Sunny Central Storage SCS 3600 UP-XT, SMA Sunny Central Storage SCS 3600 UP-XT-US, SMA Sunny Central Storage SCS 3800 UP, SMA Sunny Central Storage SCS 3800 UP-US, SMA Sunny Central Storage SCS 3800 UP-XT, SMA Sunny Central Storage SCS 3800 UP-XT-US, SMA Sunny Central Storage SCS 3950 UP, SMA Sunny Central Storage SCS 3950 UP-US, SMA Sunny Central Storage SCS 3950 UP-XT, SMA Sunny Central Storage SCS 3950 UP-XT-US.