Osprey Pump Controller 1.0.1 Administrator Backdoor Access
Posted by deepcore on March 1, 2023 – 7:34 am
Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the password cannot be changed through any normal operation of the device. The backdoor lies in the /home/pi/Mirage/Mirage_ValidateSessionCode.x ELF binary.
Post a reply
You must be logged in to post a comment.