PT-2026-58031 · Dan In Ca · Sip
Anja Ivanovska
·
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-58476
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sip