Osprey Pump Controller 1.0.1 Administrator Backdoor Access

Posted by deepcore on March 1, 2023 – 7:34 am

Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the password cannot be changed through any normal operation of the device. The backdoor lies in the /home/pi/Mirage/Mirage_ValidateSessionCode.x ELF binary.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Osprey Pump Controller 1.0.1 Administrator Backdoor Access

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL