The researcher says the device’s software stack exposes weak points from the moment it boots. Early units arrived with a pre-set password and open SSH access, a problem the researcher reported to Sipeed and which the company later corrected. The web interface still lacks basic protections, including CSRF defence and any mechanism to invalidate active sessions.
- Tuesday, March 10, 2026
Latest Posts