9791 matches found

OSV
added 2023/10/23 1:15 a.m. · 5 views

CVE-2023-5702

A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...

CVSS 6.5 · AI score 4.6 · EPSS 0.14537
Exploits: 3 · References: 3

CNNVD
added 2023/10/23 12:00 a.m. · 2 views

Viessmann Vitogate Security Breach

Viessmann Vitogate is an intelligent control system from Viessmann. A security vulnerability exists in Viessmann Vitogate versions 300 through 2.1.3.0, which stems from the presence of some unknown functions in /cgi-bin/, resulting in a direct request...

CVSS 6.5 · AI score 6.8 · EPSS 0.14537
Exploits: 3 · References: 5

Positive Technologies
added 2023/10/22 12:00 a.m. · 3 views

PT-2023-32275 · Viessmann · Viessmann Vitogate 300

Name of the Vulnerable Software and Affected Versions: Viessmann Vitogate 300 versions up to 2.1.3.0

Description: A vulnerability was found in the Viessmann Vitogate 300, affecting some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been...

CVSS 6.5 · AI score 5.9 · EPSS 0.14537
Exploits: 3 · References: 7

Tenable Nessus
added 2023/10/20 12:00 a.m. · 40 views

Ubuntu 16.04 ESM : Apache Tomcat 7 vulnerabilities (USN-4791-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4791-1 advisory. It was discovered that Apache Tomcat 7 did not protect applications from the presence of untrusted client data in an environment variable. A remote...

CVSS 8.1 · AI score 7.6 · EPSS 0.50896
Exploits: 0 · References: 3

NVD
added 2023/10/19 8:15 p.m. · 21 views

CVE-2023-40145

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device...

CVSS 8.8 · AI score 9.1 · EPSS 0.01169
Exploits: 0 · References: 2

NVD
added 2023/10/19 8:15 p.m. · 14 views

CVE-2023-43492

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication...

CVSS 9.8 · AI score 9.6 · EPSS 0.00876
Exploits: 1 · References: 2

OSV
added 2023/10/19 8:15 p.m. · 2 views

CVE-2023-43492

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication...

CVSS 9.8 · AI score 6.1 · EPSS 0.00876
Exploits: 1 · References: 2

Prion
added 2023/10/19 8:15 p.m. · 16 views

Command injection

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device...

CVSS 6.5 · AI score 9.3 · EPSS 0.01169
Exploits: 0 · References: 2 · Affected Software: 7

Prion
added 2023/10/19 8:15 p.m. · 24 views

Stack overflow

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication...

CVSS 7.5 · AI score 9.4 · EPSS 0.00876
Exploits: 1 · References: 2 · Affected Software: 7

Cvelist
added 2023/10/19 7:28 p.m. · 17 views

CVE-2023-43492 Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication...

CVSS 9.8 · AI score 9.7 · EPSS 0.00876
Exploits: 1 · References: 2

CVE
added 2023/10/19 7:28 p.m. · 62 views

CVE-2023-43492

Weintek cMT3000 HMI Web CGI (cgi-bin codesys.cgi) is affected by a stack-based buffer overflow vulnerability (CVE-2023-43492). The issue could allow an unauthenticated attacker to hijack control flow and bypass login authentication. Impact is rated critical (CVSS v3.1 base score 9.8) with network...

CVSS 9.8 · AI score 9.6 · EPSS 0.00876
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/10/19 7:26 p.m. · 36 views

CVE-2023-40145 Weintek cMT3000 HMI Web CGI OS Command Injection

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device...

CVSS 8.8 · AI score 9.2 · EPSS 0.01169
Exploits: 0 · References: 2

CVE
added 2023/10/19 7:26 p.m. · 50 views

CVE-2023-40145

CVE-2023-40145 is an OS Command Injection in Weintek cMT3000 HMI Web CGI (cgi-bin area). The vulnerability allows an anonymous attacker, after login, to execute arbitrary commands on affected devices. The issue is classified under CWE-78 (OS Command Injection) and is part of a pair of flaws affec...

CVSS 8.8 · AI score 9.1 · EPSS 0.01169
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/10/19 7:20 p.m. · 16 views

CVE-2023-38584 Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication...

CVSS 9.8 · AI score 9.7 · EPSS 0.01051
Exploits: 0 · References: 2

CVE
added 2023/10/19 7:20 p.m. · 76 views

CVE-2023-38584

CVE-2023-38584 affects Weintek cMT3000 HMI Web CGI: the stack-based buffer overflow in cgi-bin command_wb.cgi can allow an anonymous network attacker to hijack control flow and bypass login authentication (CRITICAL, CVSS v3.1 9.8). Affected products include cMT3000 family variants; root cause is ...

CVSS 9.8 · AI score 9.6 · EPSS 0.01051
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2023/10/17 12:00 a.m. · 3 views

A vulnerability in the gwcfg_cgi_set_manage_post_data() function in the firmware of Yifan YF325 industrial Wi-Fi routers allows an attacker to affect the integrity, availability, and confidentiality of protected information.

The vulnerability in the gwcfg_cgi_set_manage_post_data function in the firmware of Yifan YF325 industrial Wi-Fi routers involves operations performed outside the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to influence the integrity, availability,...

CVSS 10 · AI score 8.1 · EPSS 0.00773
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2023/10/13 12:00 a.m. · 3 views

Weintek cMT Buffer Error Vulnerability

Weintek cMT is a human machine interface application from Weintek. A security vulnerability exists in the Weintek cMT3000 HMI Web CGI, which stems from the fact that cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypa...

CVSS 9.8 · AI score 7 · EPSS 0.00876
Exploits: 1 · References: 4

CNNVD
added 2023/10/13 12:00 a.m. · 4 views

Weintek cMT Buffer Error Vulnerability

Weintek cMT is a human machine interface application from Weintek. A security vulnerability exists in the Weintek cMT3000 HMI Web CGI, which stems from the fact that cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and...

CVSS 9.8 · AI score 7 · EPSS 0.01051
Exploits: 0 · References: 4

ICS
added 2023/10/12 6:00 a.m. · 60 views

Weintek cMT3000 HMI Web CGI

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Weintek
Equipment: cMT3000 CMI Web CGI
Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an...

CVSS 9.8 · AI score 10 · EPSS 0.01169
Exploits: 1 · References: 8

NVD
added 2023/10/11 7:15 p.m. · 11 views

CVE-2023-44961

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component...

CVSS 7.5 · AI score 7.7 · EPSS 0.01099
Exploits: 1 · References: 1