Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-58477— Sustainable Irrigation Platform 5.2.16 Mass Assignment via HTTP Parameters

CVSS 8.2 · High EPSS 0.36% · P28

Affected Version Matrix 1

VendorProductVersion RangeStatus
Dan-in-CASIP≤ 5.2.16affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-58477

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Sustainable Irrigation Platform 5.2.16 Mass Assignment via HTTP Parameters
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to sensitive values such as the passphrase and listening port, and can also achieve the same result through cross-site request forgery due to the absence of adequate request validation.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-915
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dan SIP 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dan SIP是Dan个人开发者的一款基于 Raspberry Pi 的免费 Python 程序,用于控制灌溉系统(喷灌、滴灌、水培等)。 Dan SIP 5.2.16及之前版本存在输入验证错误漏洞,该漏洞源于批量赋值问题,允许未经身份验证的攻击者通过提供HTTP请求中的任意参数名称覆盖敏感配置设置。攻击者可以操作与敏感值(如口令和侦听端口)对应的参数,并且由于缺乏足够的请求验证,也可以通过跨站请求伪造达到相同结果。以下版本受到影响:5.2.16及之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Dan-in-CASIP 0 ~ 5.2.16 -

II. Public POCs for CVE-2026-58477

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-58477

登录查看更多情报信息。

Vendor Advisories for CVE-2026-58477 (2)

Same Patch Batch · Dan-in-CA · 2026-07-14 · 6 CVEs total

CVE-2026-584799.8 CRITICALSustainable Irrigation Platform 5.2.16 RCE via cli_control Plugin Command Injection
CVE-2026-584768.1 HIGHSustainable Irrigation Platform 5.2.16 CSRF via Administrative GET Requests
CVE-2026-601147.5 HIGHSustainable Irrigation Platform 5.2.16 Path Traversal via JSON Backup Restore
CVE-2026-584786.5 MEDIUMSustainable Irrigation Platform 5.2.16 SSRF via Node-RED Callback URL
CVE-2026-584756.1 MEDIUMSustainable Irrigation Platform 5.2.16 Stored XSS via Program Name

IV. Related Vulnerabilities

V. Comments for CVE-2026-58477

No comments yet


Leave a comment