PT-2026-58031 · Dan In Ca · Sip

Anja Ivanovska

·

Publicado

2026-07-14

·

Atualizado

2026-07-14

·

CVE-2026-58476

CVSS v3.1

8.1

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-58476

Produtos afetados

Sip