PT-2023-8672 · Unknown · Osprey Pump Controller

Gjoko Krstic

Published: 2023-03-28
Updated: 2023-04-05

CVE-2023-28718

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01
Description: The vulnerability is a cross-site request forgery (CSRF): the controller does not verify that the HTTP requests it receives originate from its own interface. If a logged-in user visits a malicious website, that site can make the user's browser send specially crafted HTTP requests to the controller, which then performs the requested actions with the user's administrative privileges. A remote attacker may exploit this to execute arbitrary commands.
Recommendations: For Osprey Pump Controller version 1.01, restrict access to administrative functions until a patch is available, and do not browse external websites while logged in to the controller. As a temporary workaround, limit the HTTP requests the controller accepts to those strictly required for its operation, to reduce the risk of exploitation. At the time of writing, no newer version containing a fix for this vulnerability is known.

Weakness Enumeration: CSRF

Related Identifiers:
BDU:2024-01487
CVE-2023-28718

Affected Products:
Osprey Pump Controller