26 matches found
CVE-2026-60114
Sustainable Irrigation Platform SIP through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths...
CVE-2026-58478
Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...
CVE-2026-58475
Sustainable Irrigation Platform SIP through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the...
CVE-2026-58479
CVE-2026-58479 affects Sustainable Irrigation Platform (SIP) 5.x, specifically via the optional cli_control plugin. The vulnerability enables remote code execution (RCE) by storing a malicious payload through the plugin’s HTTP endpoint and then activating the associated irrigation station. The ro...
CVE-2026-58478 Sustainable Irrigation Platform 5.2.16 SSRF via Node-RED Callback URL
Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...
CVE-2026-60114
SIP 5.x (up to 5.2.16) contains a path traversal flaw in the Backup/Restore function. Unvalidated keys in the JSON backup enable attackers with restore access to craft file paths and write JSON files outside the data directory. The issue is worse when the optional passphrase is not enabled (facto...
SIP Sustainable Irrigation Platform 5.x (cli_control) Remote Code Execution
Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...
SIP Sustainable Irrigation Platform 5.x (nr-url) Blind SSRF
Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...
SIP Sustainable Irrigation Platform 5.x Path Traversal in Backup/Restore
Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...
EUVD-2013-4478
Malware in sbrugna...
EUVD-2023-31482
Malicious code in bioql PyPI...
CVE-2013-4622
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area...
CVE-2019-13393
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
CVE-2023-27746
BlackVue DR750-2CH LTE v.1.0122022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted...
PT-2023-21316 · Blackvue · Blackvue Dr750-2Ch Lte
Name of the Vulnerable Software and Affected Versions: BlackVue DR750-2CH LTE version 1.012 2022.10.26 Description: The issue concerns a weak default passphrase that can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. This allows for potential unauthorized access...
CVE-2023-27746
BlackVue DR750-2CH LTE v.1.0122022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted...
CVE-2023-27746
CVE-2023-27746 affects BlackVue DR750-2CH LTE (v.1.012_2022.10.26). The issue is a weak default passphrase that can be cracked via brute force if the WPA2 handshake is intercepted, enabling unauthorized access. Exploitation status is not provided in the documents. Remediation guidance is present ...
Voo branded NETGEAR CG3700b Authorization Issues Vulnerability
The NETGEAR CG3700b is a cable modem and router from NETGEAR. An authorization issue vulnerability exists in the Voo branded NETGEAR CG3700b that stems from the use of the same default 8-character passphrase for the management console and WPA2 pre-shared key, which can be exploited by an attacker...
CVE-2019-13393
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
Design/Logic Flaw
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...