CISA has published an advisory on a cross-site request forgery vulnerability in SMA Solar Technology AG Sunny WebBox. Versions 1.6 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to generate a denial-of-service condition, modify passwords, enable services, achieve man-in-the-middle, and modify input parameters associated with devices such as sensors. This product is end-of-life and is no longer supported, but SMA has provided recommendations for mitigating the vulnerability. CISA also recommends a series of measures for mitigating the vulnerability. Read the advisory at CISA.