PT-2023-7104 · Unknown · Osprey Pump Controller

Published: 2023-03-28 · Updated: 2023-04-23 · CVE-2023-28654

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01

Description: The Osprey Pump Controller software uses hardcoded credentials. This allows a remote attacker to gain full access to the web management interface configuration. The hidden administrative account is not visible in the Usernames and Passwords menu list of the application, and the password cannot be changed through any normal operation of the device.

Recommendations: For Osprey Pump Controller version 1.01, as a temporary workaround, consider restricting access to the web management interface until a patch is available. Avoid using the default configuration and limit the device's exposure to the network. There is currently no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2023-08131
CVE-2023-28654

Affected Products

Osprey Pump Controller