On February 18 2015, security researcher Maxim Rupp advised Environmental Systems Corporation (ESC) that their 8832 Data Controller was subject to two vulnerabilities.
According to the advisory there exist privilege management and authentication bypass issues. All models with version 3.02 and earlier are affected.
The first vulnerability would permit an attacker to gain admin access simply by forcing a parameter in the administration URL; the second gives the attacker the ability to modify the device's configuration.
Further, "ESC's recommendation for mitigation is to upgrade the device. Alternatively, block Port 80 with a firewall in front of the device. Another alternative is to educate operators and users to not use the web interface for device management, because there are other means to manage the device."
In other words, the vulnerability is easy to fix, but the patches cannot be applied as there isn't any free code-space to store them.
Just to compound the situation, exploit code is already available online.