Picoclaw
Monthly
Missing authorization in Sipeed PicoClaw up to version 0.2.9 permits remote low-privileged attackers to invoke the rt.ReloadConfig function in pkg/channels/pico/pico.go by manipulating the message.send argument without proper authorization checks. The integrity and availability of the affected system are both at limited risk, as the CVSS 4.0 vector confirms no confidentiality exposure but allows unauthorized configuration reload or disruption. A public exploit exists (E:P), though the GitHub issue tracking the report was closed automatically due to inactivity, indicating no vendor remediation has been issued.
Improper access control in Sipeed PicoClaw up to version 0.2.9 allows remote unauthenticated attackers to bypass the IP allowlist enforced by the Launcher's web backend middleware. The flaw resides in the IPAllowlist function within web/backend/middleware/access_control.go, which fails to correctly enforce source-address restrictions, permitting unauthorized network access to protected endpoints. A public proof-of-concept exploit exists (GitHub issue #3069), and an upstream patch (PR #3126) has been submitted but a formally released patched version has not been independently confirmed.
Incorrect authorization in Sipeed PicoClaw's MQTT Channel Handler (pkg/channels/mqtt/mqtt.go) through version 0.2.9 allows remote low-privileged attackers to bypass access controls by manipulating the `client_id` argument, enabling unauthorized access to MQTT channels belonging to other clients. A public proof-of-concept exploit exists via the referenced GitHub issue, elevating practical risk beyond the moderate CVSS 4.0 score of 5.3. No vendor patch has been released - the upstream GitHub issue was closed automatically due to inactivity - leaving affected deployments without an official remediation path.
Server-side request forgery in Sipeed PicoClaw up to version 0.2.9 allows remote attackers to manipulate the WebFetchTool.Execute function within the Guarded Web Fetch Flow component, causing the server to issue arbitrary outbound requests on behalf of the attacker. The vulnerability carries a CVSS 4.0 base score of 2.1, reflecting limited confidentiality, integrity, and availability impact with no subsequent-system scope change. A public exploit has been released (E:P confirmed), but no vendor patch exists - the upstream GitHub issue was closed automatically due to inactivity, not resolution.
Remote command injection in PicoClaw Web Launcher Management Plane (versions up to 0.2.4) allows unauthenticated attackers to execute arbitrary system commands via the /api/gateway/restart endpoint. CVSS 7.3 (AV:N/AC:L/PR:N/UI:N) indicates network-accessible exploitation without authentication. Proof-of-concept code exists (CVSS:E:P). Vendor has not responded to responsible disclosure (reported via GitHub issue #2307), indicating no official patch is available. The Web Launcher Management Plane component suggests this affects administrative/control interfaces, making it a high-priority target for internet-exposed deployments.
Missing authorization in Sipeed PicoClaw up to version 0.2.9 permits remote low-privileged attackers to invoke the rt.ReloadConfig function in pkg/channels/pico/pico.go by manipulating the message.send argument without proper authorization checks. The integrity and availability of the affected system are both at limited risk, as the CVSS 4.0 vector confirms no confidentiality exposure but allows unauthorized configuration reload or disruption. A public exploit exists (E:P), though the GitHub issue tracking the report was closed automatically due to inactivity, indicating no vendor remediation has been issued.
Improper access control in Sipeed PicoClaw up to version 0.2.9 allows remote unauthenticated attackers to bypass the IP allowlist enforced by the Launcher's web backend middleware. The flaw resides in the IPAllowlist function within web/backend/middleware/access_control.go, which fails to correctly enforce source-address restrictions, permitting unauthorized network access to protected endpoints. A public proof-of-concept exploit exists (GitHub issue #3069), and an upstream patch (PR #3126) has been submitted but a formally released patched version has not been independently confirmed.
Incorrect authorization in Sipeed PicoClaw's MQTT Channel Handler (pkg/channels/mqtt/mqtt.go) through version 0.2.9 allows remote low-privileged attackers to bypass access controls by manipulating the `client_id` argument, enabling unauthorized access to MQTT channels belonging to other clients. A public proof-of-concept exploit exists via the referenced GitHub issue, elevating practical risk beyond the moderate CVSS 4.0 score of 5.3. No vendor patch has been released - the upstream GitHub issue was closed automatically due to inactivity - leaving affected deployments without an official remediation path.
Server-side request forgery in Sipeed PicoClaw up to version 0.2.9 allows remote attackers to manipulate the WebFetchTool.Execute function within the Guarded Web Fetch Flow component, causing the server to issue arbitrary outbound requests on behalf of the attacker. The vulnerability carries a CVSS 4.0 base score of 2.1, reflecting limited confidentiality, integrity, and availability impact with no subsequent-system scope change. A public exploit has been released (E:P confirmed), but no vendor patch exists - the upstream GitHub issue was closed automatically due to inactivity, not resolution.
Remote command injection in PicoClaw Web Launcher Management Plane (versions up to 0.2.4) allows unauthenticated attackers to execute arbitrary system commands via the /api/gateway/restart endpoint. CVSS 7.3 (AV:N/AC:L/PR:N/UI:N) indicates network-accessible exploitation without authentication. Proof-of-concept code exists (CVSS:E:P). Vendor has not responded to responsible disclosure (reported via GitHub issue #2307), indicating no official patch is available. The Web Launcher Management Plane component suggests this affects administrative/control interfaces, making it a high-priority target for internet-exposed deployments.