CVE-2023-28712

Name of the Vulnerable Software and Affected Versions Osprey Pump Controller version 1.01

Description The issue exists due to insufficient input validation in the software of Osprey Pump Controller, allowing a remote attacker to gain unauthorized access to the device. This vulnerability could allow system access with www-data permissions.

Recommendations For Osprey Pump Controller version 1.01, consider restricting access to the device until a patch is available. As a temporary workaround, avoid using any unauthenticated commands that could be used for injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.