6 matches found
MeteoBridge <= 6.1 - Remote Code Execution
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote...
MeteoBridge template.cgi command injection
Added: 10/03/2025 CVE: CVE-2025-4008 Background MeteoBridge is a device which connects personal weather stations to public weather networks. Problem A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...
CVE-2025-4008
creationtimestamp| type| source ---|---|--- 2025-05-21 15:42:12+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17135 2025-05-21 15:57:50+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114546643422662237 2025-05-21 17:18:31+00:00| seen|...
CVE-2025-4008 Arbitrary Command Injection in Smartbedded MeteoBridge
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
CVE-2025-4008
The CVE-2025-4008 vulnerability affects Smartbedded Meteobridge prior to 6.2. The web interface processes input in template.cgi (unsanitized query-string data passed to eval), enabling unauthenticated remote attackers to execute arbitrary commands with root privileges, risking full device comprom...
CVE-2025-4008 Arbitrary Command Injection in Smartbedded MeteoBridge
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...