Lucene search
+L

26 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-60114

Sustainable Irrigation Platform SIP through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths...

8.7CVSS0.00325EPSS
Exploits2References2
NVD
NVD
added 5 days ago8 views

CVE-2026-58478

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
NVD
NVD
added 5 days ago8 views

CVE-2026-58475

Sustainable Irrigation Platform SIP through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the...

6.1CVSS0.00214EPSS
Exploits2References2
CVE
CVE
added 5 days ago3 views

CVE-2026-58479

CVE-2026-58479 affects Sustainable Irrigation Platform (SIP) 5.x, specifically via the optional cli_control plugin. The vulnerability enables remote code execution (RCE) by storing a malicious payload through the plugin’s HTTP endpoint and then activating the associated irrigation station. The ro...

9.8CVSS6.3AI score0.05173EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-58478 Sustainable Irrigation Platform 5.2.16 SSRF via Node-RED Callback URL

Sustainable Irrigation Platform SIP through version 5.2.16 contains a server-side request forgery SSRF vulnerability that allows unauthenticated attackers to make the device issue arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. Attacke...

6.5CVSS0.00261EPSS
Exploits2References2
CVE
CVE
added 5 days ago4 views

CVE-2026-60114

SIP 5.x (up to 5.2.16) contains a path traversal flaw in the Backup/Restore function. Unvalidated keys in the JSON backup enable attackers with restore access to craft file paths and write JSON files outside the data directory. The issue is worse when the optional passphrase is not enabled (facto...

8.7CVSS6.2AI score0.00325EPSS
Exploits2References2Affected Software1
Zero Science Lab
Zero Science Lab
added 5 days ago38 views

SIP Sustainable Irrigation Platform 5.x (cli_control) Remote Code Execution

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

9.8CVSS6.1AI score0.05173EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 5 days ago36 views

SIP Sustainable Irrigation Platform 5.x (nr-url) Blind SSRF

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

6.5CVSS6.2AI score0.00261EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 5 days ago39 views

SIP Sustainable Irrigation Platform 5.x Path Traversal in Backup/Restore

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.7CVSS6.1AI score0.00325EPSS
Exploits2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-4478

Malware in sbrugna...

7.5CVSS6.4AI score0.01309EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-31482

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01752EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 11:12 a.m.17 views

CVE-2013-4622

The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area...

7.5CVSS7AI score0.01309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 a.m.8 views

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

7.5CVSS7.1AI score0.01238EPSS
Exploits1References1
NVD
NVD
added 2023/04/13 8:15 p.m.24 views

CVE-2023-27746

BlackVue DR750-2CH LTE v.1.0122022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted...

9.8CVSS9.5AI score0.01752EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/13 12:0 a.m.10 views

PT-2023-21316 · Blackvue · Blackvue Dr750-2Ch Lte

Name of the Vulnerable Software and Affected Versions: BlackVue DR750-2CH LTE version 1.012 2022.10.26 Description: The issue concerns a weak default passphrase that can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. This allows for potential unauthorized access...

9.8CVSS9.2AI score0.01752EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/04/13 12:0 a.m.11 views

CVE-2023-27746

BlackVue DR750-2CH LTE v.1.0122022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted...

7.2AI score0.01752EPSS
Exploits1References4
CVE
CVE
added 2023/04/13 12:0 a.m.74 views

CVE-2023-27746

CVE-2023-27746 affects BlackVue DR750-2CH LTE (v.1.012_2022.10.26). The issue is a weak default passphrase that can be cracked via brute force if the WPA2 handshake is intercepted, enabling unauthorized access. Exploitation status is not provided in the documents. Remediation guidance is present ...

9.8CVSS9.3AI score0.01752EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2020/03/17 12:0 a.m.5 views

Voo branded NETGEAR CG3700b Authorization Issues Vulnerability

The NETGEAR CG3700b is a cable modem and router from NETGEAR. An authorization issue vulnerability exists in the Voo branded NETGEAR CG3700b that stems from the use of the same default 8-character passphrase for the management console and WPA2 pre-shared key, which can be exploited by an attacker...

7.5CVSS6.9AI score0.01238EPSS
Exploits1References1
NVD
NVD
added 2020/03/13 6:15 p.m.13 views

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

7.5CVSS7.6AI score0.01238EPSS
Exploits1References1
Prion
Prion
added 2020/03/13 6:15 p.m.14 views

Design/Logic Flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

5CVSS7.6AI score0.01238EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder