Dreame Technology iOS and Android Mobile Applications

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Dreame Technology
Equipment: Dreamehome and MOVAhome mobile applications
Vulnerability: Improper Certificate Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in unauthorized information disclosure.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of the Dreame and MOVA mobile apps are affected:

Dreamehome iOS app: Versions 2.3.4 and prior
Dreamehome Android app: Versions 2.1.8.8 and prior
MOVAhome iOS app: Versions 1.2.3 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens.

CVE-2025-8393 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.3 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2025-8393. A base score of 8.5 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Communications
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: China

3.4 RESEARCHER

Dennis Giese reported this vulnerability to CISA.

4. MITIGATIONS

Dreame Technology did not respond to CISA’s request for coordination. Contact Dreame Technology directly for more information. Note that MOVA is a subsidiary of Dreame Technology.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

August 07, 2025: Initial Publication

Burk Technology ARC Solo

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 9.3
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Burk Technology
Equipment: ARC Solo
Vulnerability: Missing Authentication for Critical Function

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in an attacker gaining access to the device, locking out authorized users, or disrupting operations.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following version of ARC Solo, a monitoring and control device primariliy used in broadcasting, is affected:

ARC Solo: Versions prior to v1.0.62

3.2 VULNERABILITY OVERVIEW

3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

The device’s password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device’s HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request’s legitimacy.

CVE-2025-5095 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-5095. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Communications
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Souvik Kandar of MicroSec (microsec.io) reported this vulnerability to CISA.

4. MITIGATIONS

Burk Technology recommends users update their ARC Solo devices to Version v1.0.62 or later. The upgrade can be downloaded from the Burk Technology website.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

August 7, 2025: Initial Publication

EG4 Electronics EG4 Inverters

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 9.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: EG4 Electronics
Equipment: EG4 Inverters
Vulnerabilities: Cleartext Transmission of Sensitive Information, Download of Code Without Integrity Check, Observable Discrepancy, Improper Restriction of Excessive Authentication Attempts

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following EG4 Electronics inverters are affected:

EG4 12kPV: All versions
EG4 18kPV: All versions
EG4 Flex 21: All versions
EG4 Flex 18: All versions
EG4 6000XP: All versions
EG4 12000XP: All versions
EG4 GridBoss: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings.

CVE-2025-52586 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.9 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L).

A CVSS v4 score has also been calculated for CVE-2025-52586. A base score of 7.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N).

3.2.2 DOWNLOAD OF CODE WITHOUT INTEGRITY CHECK CWE-494

The affected product allows firmware updates to be downloaded from EG4’s website, transferred via USB dongles, or installed through EG4’s Monitoring Center (remote, cloud-connected interface) or via a serial connection, and can install these files without integrity checks. The TTComp archive format used for the firmware is unencrypted and can be unpacked and altered without detection.

CVE-2025-53520 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-53520. A base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 OBSERVABLE DISCREPANCY CWE-203

The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gain information on the product registration status of different S/Ns.

CVE-2025-47872 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-47872. A base score of 6.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.4 IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN is entered. This vulnerability was patched in a server-side update on April 6, 2025.

CVE-2025-46414 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-46414. A base score of 9.2 has been calculated; the CVSS vector string is (AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Anthony Rose of BC Security reported these vulnerabilities to CISA.

4. MITIGATIONS

EG4 has acknowledged the vulnerabilities and is actively working on a fix, including new hardware expected to release by October 15, 2025. Until then, EG4 will actively monitor all installed systems and work with affected users on a case-by-case basis if anomalies are observed.

Note that CVE-2025-46414 was fixed on April 6, 2025. No user action was or is necessary.

For more information, contact EG4.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

August 7, 2025: Initial Publication

CISA Issues ED 25-02: Mitigate Microsoft Exchange Vulnerability

Today, CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786, a vulnerability in Microsoft Exchange server hybrid deployments.

ED 25-02 directs all Federal Civilian Executive Branch (FCEB) agencies with Microsoft Exchange hybrid environments to implement required mitigations by 9:00 AM EDT on Monday, August 11, 2025.

This vulnerability presents significant risk to all organizations operating Microsoft Exchange hybrid-joined configurations that have not yet implemented the April 2025 patch guidance.

Although this directive is only for FCEB agencies, CISA strongly encourages all organizations to address this vulnerability. For additional details, see CISA’s Alert: Microsoft Releases Guidance on Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments.

Tigo Energy Cloud Connect Advanced

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Tigo Energy
Equipment: Cloud Connect Advanced
Vulnerabilities: Use of Hard-coded Credentials, Command Injection, Predictable Seed in Pseudo-Random Number Generator (PRNG).

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative access using hard-coded credentials, escalate privileges to take full control of the device, modify system settings, disrupt solar energy production, interfere with safety mechanisms, execute arbitrary commands via command injection, cause service disruptions, expose sensitive data, and recreate valid session IDs to access sensitive device functions on connected solar inverter systems due to insecure session ID generation.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Cloud Connect Advanced are affected:

Cloud Connect Advanced: Versions 4.0.1 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 Use of Hard-coded Credentials CWE-798

Tigo Energy’s Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.

CVE-2025-7768 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7768. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 Improper Neutralization of Special Elements used in a Command (‘Command Injection’) CWE-77

Tigo Energy’s CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary commands on the device that could cause potential unauthorized access, service disruption, and data exposure.

CVE-2025-7769 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7769. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 Predictable Seed in Pseudo-Random Number Generator (PRNG) CWE-337

Tigo Energy’s CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.

CVE-2025-7770 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7770. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Anthony Rose and Jacob Krasnov of BC Security and Peter Kariuki of Ovanova reported these vulnerabilities to CISA.

4. MITIGATIONS

Tigo Energy is aware of these vulnerabilities and is actively working on a fix to address them.

Visit Tigo Energy’s Help Center for more specific security recommendations.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

August 5, 2025: Initial Publication

Panera franchise collapses in Houston: Lawsuits, layoffs, and millions owed

Andrew Kittredge throws Cubs’ sixth immaculate inning, 1 day after getting booed off the mound

Andrew Kittredge’s first two appearances with the Chicago Cubs were perfect. His third appearance was a disaster.

His fourth appearance? The sixth immaculate inning in franchise history.

The veteran reliever accomplished the feat of three strikeouts on nine pitches on Wednesday in the seventh inning of a game against the Cincinnati Reds. His victims: Austin Hays, Gavin Lux and Tyler Stephenson, all of whom went down swinging.

Andrew Kittredge throws the 6th immaculate inning in Cubs history 😳 pic.twitter.com/ufZsIq6WF8

— Marquee Sports Network (@WatchMarquee) August 6, 2025

Immaculate innings are one of the lesser-known single-game accomplishments in baseball, but the fact that there have only been 120 in MLB history puts them closer to perfect games (24) than no-hitters (326) on the rarity scale. They are becoming more frequent, though, with 13 in the past four seasons.

[Join or create a Yahoo Fantasy Football league for the 2025 NFL season]

Cal Quantrill of the Miami Marlins and Brandon Young of the Baltimore Orioles are responsible for the other two immaculate innings this season.

Kittredge, whom the Cubs acquired at the trade deadline for infield prospect Wilfri De La Cruz, entered the history books just one day after getting booed off the field at Wrigley Field. He allowed four earned runs in an inning of work, taking the loss in a 5-1 Reds victory.

TAKE THAT, WIND@spenc__er pic.twitter.com/e4XVf0FzOQ

— Cincinnati Reds (@Reds) August 6, 2025

Immaculate innings have a tendency to sneak up on people who are watching the game, or even the ones playing in it. The Cubs booth praised Kittredge for bouncing back by striking out the side, until a graphic showed the words “immaculate inning” and Cubs catcher Carson Kelly admitted he didn’t realize what was happening until pitch No. 9:

“The last pitch [is when I realized]. I was like, ‘Wow. We went sinker, sinker, slider; sinker, sinker, slider; sinker, sinker… slider?’ It was pretty cool to be a part of that.”

Kittredge is a nine-year MLB veteran and was solid in his half-season with Orioles — solid enough in fact to get traded as the team decided to punt on a lost 2025 season. He was one of four players acquired by the Cubs at the deadline, alongside fellow reliever Taylor Rogers, utility man Willi Castro and starting pitcher Michael Soroka, whose status is very up in the air right now.

OKC Thunder jersey history No. 35 – Leon Smith (2004)

The Oklahoma City Thunder (and the Seattle Supersonics before them) have 51 jersey numbers worn by the players who have suited up for the franchise since its founding at the start of the 1967-68 season. To commemorate the players who wore those numbers, Thunder Wire is covering the entire history of jersey numbers and the players who sported them since the founding of the team.

And while those Supersonics jerseys may not remain part of the franchise history should a new team be established in Seattle as was the case with the return of the Charlotte Hornets, they are part of the Thunder’s history today.

For this article, we continue with the 35th jersey number in the series, jersey No. 35, with 11 players in total having donned the jersey in the history of the franchise.

The ninth of those players did so in the Seattle SuperSonics era, big man alum Leon Smith. After ending his high school career, Smith made the leap right to the NBA, and was picked up with the 29th overall selection of the 1999 NBA Draft by the San Antonio Spurs.

Cut before the start of his rookie season, Smith played in other domestic leagues and for the Atlanta Hawks before signing with Seattle in 2004. His stay with the team would span just a single game before he’d be cut, his last in the NBA.

During his time suiting up for the Sonics, Smith wore only jersey No. 35 and put up 2.0 points and as many rebounds per game.

All stats and data courtesy of Basketball Reference.

This article originally appeared on Celtics Wire: Thunder jersey history No. 35 – Leon Smith (2004)

Brooklyn Nets jersey history No. 21 – Iman Shumpert (2020-21)

The Brooklyn Nets have 52 jersey numbers worn by over 600 different players over the course of their history since the franchise was founded in 1967 as a charter member of the American Basketball Association (ABA), when the team was known as the “New Jersey Americans”.

Since then, that league has been absorbed by the NBA with the team that would later become the New York Nets and New Jersey Nets before settling on the name by which they are known today, bringing their rich player and jersey history with them to the league of today.

To commemorate the players who played for the Nets over the decades wearing those 52 different jersey numbers, Nets Wire is covering the entire history of the franchise’s jersey numbers and the players who sported them since the founding of the team. The 22nd of those 52 different numbers is jersey No. 21, which has has had a total of 26 players wear the number in the history of the team.

The 25th of those players wearing No. 21 played in the Brooklyn Nets era, wing alum Iman Shumpert. After ending his college career at Georgia Tech, Shumpert was picked up with the 17th overall selection of the 2011 NBA Draft by the New York Knicks.

The Oak Park, Illinois native also played for the Cleveland Cavaliers, Sacramento Kings, and Houston Rockets before he signed with Brooklyn in 2019 for his last two seasons in the NBA.

During his time suiting up for the Nets, Shumpert wore only jersey Nos. 10 and 21 and put up 3.7 points and 2.3 rebounds per game.

All stats and data courtesy of Basketball Reference.

This article originally appeared on Celtics Wire: Nets jersey history No. 21 – Iman Shumpert (2020-21)

Boston Celtics jersey history No. 28 – RJ Hunter (2015-19)

The Boston Celtics have had players suiting up in a total of 68 different jersey numbers (and have three others not part of any numerical series) since their founding at the dawn of the Basketball Association of America (BAA — the league that would become today’s NBA), worn by well over 500 players in the course of Celtics history.

To commemorate the players who wore those numbers, Celtics Wire is covering the entire history of jersey numbers and the players who sported them since the founding of the team.

With 25 of those jerseys now retired to honor some of the greatest Celtics to wear those jerseys, there is a lot of history to cover.

And for today’s article, we will continue with the 11th of 14 people to wear the No. 28, Boston guard alum RJ Hunter. After ending his college career at Georgia State, Hunter was picked up with the 28th overall selection of the 2015 NBA Draft by the Celtics.

The Oxford, Ohio native played just 36 games before he was cut by the team to end his first stint with Boston, separated by another with the Chicago Bulls and one with Houston Rockets before signing with Boston for the final game of his NBA career as a player.

During his time suiting up for the Celtics, Hunter wore only jersey No. 28 and put up 3.1 points and 1.1 rebounds per game.

All stats and data courtesy of Basketball Reference.

This article originally appeared on Celtics Wire: Celtics jersey history No. 28 – RJ Hunter (2015-19)