CVE-2021-4459 | THREATINT

Description

An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.

PUBLISHED Reserved 2025-07-18 | Published 2025-08-27 | Updated 2025-08-27 | Assigner CERTVDE

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-23 Relative Path Traversal

Product status

Default status

unaffected

0.0.0 (custom) before 3.10.27.R

affected

Default status

unaffected

0.0.0 (custom) before 3.10.27.R

affected

Default status

unaffected

0.0.0 (custom) before 3.10.27.R

affected

Default status

unaffected

0.0.0 (custom) before 3.10.27.R

affected

Default status

unaffected

0.0.0 (custom) before 3.10.27.R

affected

Credits

Ahmed Alroky from KOIN Network finder

References

certvde.com/en/advisories/VDE-2025-066

cve.org (CVE-2021-4459)

nvd.nist.gov (CVE-2021-4459)

Download JSON

help @ threatint.eu