Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.
References
| Link | Resource |
|---|---|
| https://www.vulncheck.com/advisories/sustainable-irrigation-platform-csrf-via-administrative-get-requests | Third Party Advisory |
| https://www.zeroscience.mk/#/advisories/ZSL-2026-5995 | Exploit Third Party Advisory |
Configurations
History
14 Jul 2026, 19:10
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.vulncheck.com/advisories/sustainable-irrigation-platform-csrf-via-administrative-get-requests - Third Party Advisory | |
| References | () https://www.zeroscience.mk/#/advisories/ZSL-2026-5995 - Exploit, Third Party Advisory | |
| First Time |
Dan-in-ca
Dan-in-ca sustainable Irrigation Platform |
|
| CPE | cpe:2.3:a:dan-in-ca:sustainable_irrigation_platform:*:*:*:*:*:*:*:* |
14 Jul 2026, 15:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-14 15:17
Updated : 2026-07-14 23:17
NVD link : CVE-2026-58476
Mitre link : CVE-2026-58476
CVE.ORG link : CVE-2026-58476
JSON object : View
Products Affected
dan-in-ca
- sustainable_irrigation_platform
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
