EIP-2026-101398

PRE-CVE

Osprey Pump Controller 1.0.1 - Administrator Backdoor Access

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101398. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit reveals a hardcoded backdoor administrative account ('admin' with password 'Mirage1234') in the Osprey Pump Controller 1.0.1, allowing unauthorized access to the web management interface. The vulnerability is confirmed by decompiled code from the Mirage_ValidateSessionCode.x binary, showing the hardcoded credentials.

Description

Osprey Pump Controller 1.0.1 - Administrator Backdoor Access

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/51299

View Code ZIP pw:eip

The exploit reveals a hardcoded backdoor administrative account ('admin' with password 'Mirage1234') in the Osprey Pump Controller 1.0.1, allowing unauthorized access to the web management interface. The vulnerability is confirmed by decompiled code from the Mirage_ValidateSessionCode.x binary, showing the hardcoded credentials.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Osprey Pump Controller 1.0.1 (Software Build ID 20211018)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1078.001 - Default Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026