
6 matches found

RedhatCVE
added 2025/09/25 2:53 a.m., 2 views

CVE-2025-9494

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the /cgi-bin/vitogate.cgi endpoint is affected, when the form JSON parameter is set to form-0-2. The vulnerability stems fro...

CVSS 8.5, AI score 8.3, EPSS 0.00246
Exploits: 0, References: 1

NVD
added 2025/09/23 2:15 a.m., 2 views

CVE-2025-9494

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the /cgi-bin/vitogate.cgi endpoint is affected, when the form JSON parameter is set to form-0-2. The vulnerability stems fro...

CVSS 8.5, EPSS 0.00246
Exploits: 0, References: 1

Cvelist
added 2025/09/23 1:12 a.m., 6 views

CVE-2025-9494 Viessmann Vitogate 300 OS Command Injection

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the /cgi-bin/vitogate.cgi endpoint is affected, when the form JSON parameter is set to form-0-2. The vulnerability stems fro...

CVSS 8.5, EPSS 0.00246
Exploits: 0, References: 1

CVE
added 2025/09/23 1:12 a.m., 11 views

CVE-2025-9494

Vitogate 300 OS command injection (CVE-2025-9494) affects the /cgi-bin/vitogate.cgi endpoint when the JSON form parameter is set to form-0-2. The issue arises from improper sanitization before interpolating input into a format string used by popen(), enabling an authenticated attacker to inject a...

CVSS 8.5, AI score 8, EPSS 0.00246
Exploits: 0, References: 1

Vulnrichment
added 2025/09/23 1:12 a.m., 2 views

CVE-2025-9494 Viessmann Vitogate 300 OS Command Injection

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the /cgi-bin/vitogate.cgi endpoint is affected, when the form JSON parameter is set to form-0-2. The vulnerability stems fro...

CVSS 8.5, AI score 8, EPSS 0.00246
Exploits: 0, References: 1

Positive Technologies
added 2025/09/23 12:0 a.m., 3 views

PT-2025-39103

Name of the Vulnerable Software and Affected Versions: Vitogate 300 (affected versions not specified). Description: An OS command injection issue exists in the Vitogate 300. A malicious user can exploit this to compromise affected installations. The issue is present in the /cgi-bin/vitogate.cgi API...

CVSS 8.5, AI score 7.7, EPSS 0.00246
Exploits: 0, References: 6