CVE-2026-58476
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dan-in-CA | SIP | 0 <= 5.2.16 | affected |
Weaknesses
- CWE-352: Cross-Site Request Forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.zeroscience.mk/#/advisories/ZSL-2026-5995
- https://www.vulncheck.com/advisories/sustainable-irrigation-platform-csrf-via-administrative-get-requests
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.