Vulnerabilities > Propumpservice > Osprey Pump Controller Firmware > High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-28	CVE-2023-28375	Files or Directories Accessible to External Parties vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. network low complexity propumpservice CWE-552	7.5
2023-03-28	CVE-2023-28718	Cross-Site Request Forgery (CSRF) vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. network low complexity propumpservice CWE-352	8.0
2023-03-28	CVE-2023-28395	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. network low complexity propumpservice CWE-338	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.