Propumpservice Osprey Pump Controller Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Propumpservice Osprey Pump Controller Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-27394 — CVSS 9.8 (critical): Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject…
CVE-2023-27886 — CVSS 9.8 (critical): Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject…
CVE-2023-28398 — CVSS 9.8 (critical): Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining…
CVE-2023-28654 — CVSS 9.8 (critical): Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web…
CVE-2023-28395 — CVSS 8.3 (high): Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in…
CVE-2023-28712 — CVSS 8.2 (high): Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with…
CVE-2023-28648 — CVSS 7.5 (high): Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can…
CVE-2023-28375 — CVSS 7.5 (high): Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose…
CVE-2023-28718 — CVSS 7.1 (high): Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the…