19 matches found
MeteoBridge <= 6.1 - Remote Code Execution
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
Smartbedded Meteobridge < 6.2 RCE (CVE-2025-4008)
The version of Smartbedded Meteobridge installed on the remote host is 6.1 or prior. It is, therefore, affected by a command injection vulnerability as referenced in the CVE-2025-4008 advisory. In the template.cgi script, unsanitized user input from the query string is passed directly to an eval...
Smartbedded Meteobridge Web Detection
Binary data smartbeddedmeteobridgewebdetect.nbin...
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an "exploit shotgun" approach, has singled out a wide range of internet-exposed infrastructure, including...
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case ...
MeteoBridge template.cgi command injection
Added: 10/03/2025. CVE: CVE-2025-4008. Background: MeteoBridge is a device which connects personal weather stations to public weather networks. Problem: A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...
MeteoBridge template.cgi command injection
Added: 10/03/2025. CVE: CVE-2025-4008. Background: MeteoBridge is a device which connects personal weather stations to public weather networks. Problem: A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-6278: GNU Bash OS Command Injection Vulnerability; CVE-2015-7755: Juniper ScreenOS Improper Authentication Vulnerability...
VulnCheck KEV: CVE-2025-4008
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
Smartbedded Meteobridge Command Injection Vulnerability
Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices...
CVE-2025-4008
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
CVE-2025-4008
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
CVE-2025-4008
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
EUVD-2025-16032
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
CVE-2025-4008
The CVE-2025-4008 vulnerability affects Smartbedded Meteobridge prior to 6.2. The web interface processes input in template.cgi (unsanitized query-string data passed to eval), enabling unauthenticated remote attackers to execute arbitrary commands with root privileges, risking full device comprom...
CVE-2025-4008 Arbitrary Command Injection in Smartbedded MeteoBridge
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
CVE-2025-4008 Arbitrary Command Injection in Smartbedded MeteoBridge
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
Meteobridge Security Vulnerability
Meteobridge is a small device from Meteobridge that connects personal weather stations to public weather networks. A security vulnerability exists in Meteobridge that stems from a command injection vulnerability in the web interface endpoint that could allow an unauthenticated, remote attacker to...
PT-2025-22369
Name of the Vulnerable Software and Affected Versions: Smartbedded Meteobridge versions prior to 6.2. Description: The Meteobridge web interface is susceptible to a command injection flaw. This allows remote, unauthenticated attackers to execute arbitrary commands with elevated privileges (root) on...