CVE-2017-9861

Q: What is the severity of CVE-2017-9861?

CVE-2017-9861 has a CVSS score of 9.8 (CRITICAL). SMA Solar Technology products have a SIP implementation vulnerability that lacks proper authentication and encryption, making them susceptible to replay attacks, packet injection, and man-in-the-middle attacks. Attackers within the LAN can crash devices, disrupt communications, exploit SIP vulnerabilities, or extract sensitive information like passwords. Only Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30 models are potentially affected.

9.8 CRITICAL

📋 TL;DR

SMA Solar Technology products have a SIP implementation vulnerability that lacks proper authentication and encryption, making them susceptible to replay attacks, packet injection, and man-in-the-middle attacks. Attackers within the LAN can crash devices, disrupt communications, exploit SIP vulnerabilities, or extract sensitive information like passwords. Only Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30 models are potentially affected.

💻 Affected Systems

Products:

Sunny Boy TLST-21
Sunny Boy TL-21
Sunny Tripower TL-10
Sunny Tripower TL-30

Versions: All versions with vulnerable SIP implementation

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Vendor states authentication with encryption is not required on isolated subnetworks. Only affects specific models mentioned.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to crash devices, extract passwords, disrupt solar monitoring/control, and potentially exploit other SIP vulnerabilities for further system access.

🟠

Likely Case

Unauthorized access to device communications, password extraction, and potential service disruption through packet injection attacks.

🟢

If Mitigated

Limited impact if devices are properly isolated on secure subnets with strict network segmentation and monitoring.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires LAN access but no authentication. Attackers can eavesdrop, inject packets, or replay communications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: http://www.sma.de/en/statement-on-cyber-security.html

Restart Required: No

Instructions:

No official patch available. Follow vendor security guidance and implement network isolation controls.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices on dedicated, firewalled subnetworks with no internet access

Access Control Lists

all

Implement strict ACLs to limit SIP communication to authorized management systems only

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices from untrusted networks
Monitor network traffic for unusual SIP communications and implement intrusion detection

🔍 How to Verify

Check if Vulnerable:

Check device model against affected list and verify SIP communication lacks encryption/authentication

Check Version:

Check device model via SMA monitoring interface or physical device labeling

Verify Fix Applied:

Verify network segmentation is properly implemented and SIP traffic is restricted to authorized systems

📡 Detection & Monitoring

Log Indicators:

Unauthorized SIP connection attempts
Device communication disruptions
Multiple failed authentication attempts

Network Indicators:

Unencrypted SIP traffic to/from affected devices
SIP traffic from unauthorized IP addresses
Unusual packet patterns in SIP communications

SIEM Query:

source_ip IN (affected_device_ips) AND protocol=sip AND (event_type=connection_attempt OR packet_size>threshold)

📊 Metadata

CVE ID: CVE-2017-9861

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-74

Published: August 5, 2017

Last Updated: April 20, 2025

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Sunny Boy 1.5 Firmware by Sma

Sunny Boy 2.5 Firmware by Sma

Sunny Boy 3.0 Firmware by Sma

Sunny Boy 3.6 Firmware by Sma

Sunny Boy 3000tl Firmware by Sma

Sunny Boy 3600 Firmware by Sma

Sunny Boy 3600tl Firmware by Sma

Sunny Boy 4.0 Firmware by Sma

Sunny Boy 4000tl Firmware by Sma

Sunny Boy 5.0 Firmware by Sma

Sunny Boy 5000 Firmware by Sma

Sunny Boy 5000tl Firmware by Sma

Sunny Boy Storage 2.5 Firmware by Sma

Sunny Central 1000cp Xt Firmware by Sma

Sunny Central 2200 Firmware by Sma

Sunny Central 500cp Xt Firmware by Sma

Sunny Central 630cp Xt Firmware by Sma

Sunny Central 720cp Xt Firmware by Sma

Sunny Central 760cp Xt Firmware by Sma

Sunny Central 800cp Xt Firmware by Sma

Sunny Central 850cp Xt Firmware by Sma

Sunny Central 900cp Xt Firmware by Sma

Sunny Central Storage 1000 Firmware by Sma

Sunny Central Storage 2200 Firmware by Sma

Sunny Central Storage 2500 Ev Firmware by Sma

Sunny Central Storage 500 Firmware by Sma

Sunny Central Storage 630 Firmware by Sma

Sunny Central Storage 720 Firmware by Sma

Sunny Central Storage 760 Firmware by Sma

Sunny Central Storage 800 Firmware by Sma

Sunny Central Storage 850 Firmware by Sma

Sunny Central Storage 900 Firmware by Sma

Sunny Tripower 12000tl Firmware by Sma

Sunny Tripower 15000tl Firmware by Sma

Sunny Tripower 20000tl Firmware by Sma

Sunny Tripower 25000tl Firmware by Sma

Sunny Tripower 5000tl Firmware by Sma

Sunny Tripower 60 Firmware by Sma

Sunny Tripower Core1 Firmware by Sma