4 matches found
Viessmann Vitogate 300 - Remote Code Execution
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...
CVE-2023-45852
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...
CVE-2023-45852
creationtimestamp| type| source ---|---|--- 2023-10-14 07:29:31+00:00| seen| https://t.me/cibsecurity/72279 2023-10-31 19:52:09+00:00| published-proof-of-concept| Telegram/-CUWKwBEcwVjAmflphUE2rR4naQmsMl4HRbXghsNm8kRw 2023-12-07 10:47:27+00:00| published-proof-of-concept|...
CVE-2023-45852
The CVE describes a remote code execution in Viessmann Vitogate 300 (version 2.1.3.0 and earlier) through /cgi-bin/vitogate.cgi. An unauthenticated attacker can bypass authentication and execute arbitrary commands by injecting shell metacharacters in the ipaddr field of the JSON data in a PUT req...