Vulnerabilities > Propumpservice
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-28 | CVE-2023-27394 | OS Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. | 9.8 |
| 2023-03-28 | CVE-2023-27886 | OS Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. | 9.8 |
| 2023-03-28 | CVE-2023-28375 | Files or Directories Accessible to External Parties vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. | 7.5 |
| 2023-03-28 | CVE-2023-28398 | Improper Authentication vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. | 9.8 |
| 2023-03-28 | CVE-2023-28648 | Cross-site Scripting vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. | 6.1 |
| 2023-03-28 | CVE-2023-28654 | Use of Hard-coded Credentials vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. | 9.8 |
| 2023-03-28 | CVE-2023-28712 | Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions. | 9.8 |
| 2023-03-28 | CVE-2023-28718 | Cross-Site Request Forgery (CSRF) vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. | 8.0 |
| 2023-03-28 | CVE-2023-28395 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. | 7.5 |