CVE-2023-5702

🗓️ 23 Oct 2023 00:31:04Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 164 Views🌐 WEB

Vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows manipulation of /cgi-bin/ leading to direct request

Reporter	Title	Published	Views	Family All 10
0day.today	Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution Exploit	14 Mar 202400:00	–	zdt
CNNVD	Viessmann Vitogate Security Breach	23 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-5702 Viessmann Vitogate 300 direct request	23 Oct 202300:31	–	cvelist
Exploit DB	Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)	14 Mar 202400:00	–	exploitdb
ICS	Viessmann Climate Solutions SE Vitogate 300	10 Sep 202406:00	–	ics
NVD	CVE-2023-5702	23 Oct 202301:15	–	nvd
Packet Storm	Viessmann Vitogate 300 2.1.3.0 Remote Code Execution	14 Mar 202400:00	–	packetstorm
Prion	Design/Logic Flaw	23 Oct 202301:15	–	prion
Positive Technologies	PT-2023-32275 · Viessmann · Viessmann Vitogate 300	22 Oct 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-5702	23 May 202502:41	–	redhatcve

NVD

Vulners

Node

viessmann vitogate_300_firmwareRange≤2.1.3.0

AND

viessmann vitogate_300Match-

[
  {
    "vendor": "Viessmann",
    "product": "Vitogate 300",
    "versions": [
      {
        "version": "2.1.0",
        "status": "affected"
      },
      {
        "version": "2.1.1",
        "status": "affected"
      },
      {
        "version": "2.1.2",
        "status": "affected"
      },
      {
        "version": "2.1.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/GTA12138/vul/blob/main/Viessmann/Vitogate300_Document_Unauthorized_Access.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
params.ipaddr	request body	/cgi-bin/vitogate.cgi	Remote code execution via Viessmann Vitogate 300 RCE using crafted payload in POST to /cgi-bin/vitogate.cgi with ipaddr containing command	CWE-425

21 Nov 2024 08:42Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.14.3 - 6.5

CVSS 23.3

CVSS 34.3

EPSS0.29373

CWE-425