24 matches found
Viessmann Vitogate 300 - Remote Code Execution
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...
Viessmann Vitogate 300 BN/MB vitogate.cgi form-0-2 Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Viessmann Vitogate 300 BN/MB devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON payload data provided to the vitogate.cg...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on September 23, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-266-01 AutomationDirect CLICK PLUS ICSA-25-266-02 Mitsubishi Electric MELSEC-Q Serie...
Viessmann Vitogate 300
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify an intended OS command when it is sent to a downstream component, or allow an attacker to cause unexpected interactions between the client and server. 2. RECOMMENDED PRACTICES CISA recommends users...
CVE-2025-9495 Viessmann Vitogate 300 Authentication Bypass
The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...
CVE-2025-9494 Viessmann Vitogate 300 OS Command Injection
An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the /cgi-bin/vitogate.cgi endpoint is affected, when the form JSON parameter is set to form-0-2. The vulnerability stems fro...
Viessmann Vitogate 300 安全漏洞
Viessmann Vitogate 300 is a communication gateway from Viessmann, Germany. A security vulnerability exists in the Viessmann Vitogate 300 that stems from not implementing proper server-side authentication and relying on front-end authentication controls, which could allow an attacker to bypass log...
CVE-2023-5222
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been...
CVE-2023-5702
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...
VulnCheck KEV: CVE-2023-5222
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been...
Viessmann Vitogate 300 2.1.3.0 Remote Code Execution
Exploit Title: Viessmann Vitogate 300 = 2.1.3.0 - Remote Code Execution RCE - Shodan Dork: http.title:'Vitogate 300' - Exploit Author: ByteHunter - Email: [email protected] - Version: versions up to 2.1.3.0 - Tested on: 2.1.1.0 - CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import...
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
Exploit Title: Viessmann Vitogate 300 = 2.1.3.0 - Remote Code Execution RCE - Shodan Dork: http.title:'Vitogate 300' - Exploit Author: ByteHunter - Email: [email protected] - Version: versions up to 2.1.3.0 - Tested on: 2.1.1.0 - CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import...
CVE-2023-5702
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...
CVE-2023-5702
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...
Design/Logic Flaw
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...
CVE-2023-5702 Viessmann Vitogate 300 direct request
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...
Viessmann Vitogate Security Breach
Viessmann Vitogate is an intelligent control system from Viessmann. A security vulnerability exists in Viessmann Vitogate versions 300 through 2.1.3.0, which stems from the presence of some unknown functions in /cgi-bin/, resulting in a direct request...
PT-2023-32275 · Viessmann · Viessmann Vitogate 300
Name of the Vulnerable Software and Affected Versions: Viessmann Vitogate 300 versions up to 2.1.3.0 Description: A vulnerability was found in the Viessmann Vitogate 300, affecting some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been...
CVE-2023-5222
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been...
CVE-2023-5222
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been...