PT-2023-8669 · Unknown · Osprey Pump Controller

Published: 2023-03-28 · Updated: 2023-04-05 · CVE-2023-28375

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Osprey Pump Controller version 1.01

Description

The issue is related to the disclosure of information via query strings, allowing a remote attacker to reveal protected information. Using a GET parameter, attackers can disclose arbitrary files on the affected device, potentially revealing sensitive and system information.

Recommendations

For Osprey Pump Controller version 1.01, consider restricting access to the GET parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable GET parameter in the affected API endpoint until the issue is resolved.

Fix

Weakness Enumeration

Files Accessible to External Parties

Related Identifiers

BDU:2024-01451
CVE-2023-28375

Affected Products

Osprey Pump Controller