EIP-2026-101400

PRE-CVE

Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101400. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates CSRF vulnerabilities in Osprey Pump Controller 1.0.1, allowing unauthorized actions such as adding users, setting passwords, and modifying system pressure via crafted HTTP requests without proper validity checks.

Description

Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/51304

View Code ZIP pw:eip

This exploit demonstrates CSRF vulnerabilities in Osprey Pump Controller 1.0.1, allowing unauthorized actions such as adding users, setting passwords, and modifying system pressure via crafted HTTP requests without proper validity checks.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Osprey Pump Controller 1.0.1 (Software Build ID 20211018)

Auth required

Prerequisites: Victim must be authenticated and visit a malicious site

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026