Skip to main content

Osprey Pump Controller Firmware

9 CVEs product

Monthly

CVE-2023-28718 HIGH This Week

Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Osprey Pump Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2023-28712 CRITICAL Act Now

Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28654 CRITICAL Act Now

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28648 MEDIUM This Month

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Osprey Pump Controller Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-28398 CRITICAL Act Now

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28375 HIGH This Week

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Osprey Pump Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-27886 CRITICAL Act Now

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-27394 CRITICAL Act Now

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2023-28395 HIGH This Week

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
EPSS 0% CVSS 8.0
HIGH This Week

Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Osprey Pump Controller Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Osprey Pump Controller Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Osprey Pump Controller Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Osprey Pump Controller Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Osprey Pump Controller Firmware
NVD
EPSS 18% CVSS 9.8
CRITICAL Act Now

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Osprey Pump Controller Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy