Lucene search
K

6 matches found

The Hacker News
The Hacker News
added 2025/10/03 8:23 a.m.8 views

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 CVSS score: 8.7, is a case ...

10CVSS9.5AI score0.99686EPSS
Exploits80
Saint
Saint
added 2025/10/03 12:0 a.m.101 views

MeteoBridge template.cgi command injection

Added: 10/03/2025 CVE: CVE-2025-4008 Background MeteoBridge is a device which connects personal weather stations to public weather networks. Problem A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...

8.8CVSS8.3AI score0.94991EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/23 4:18 p.m.16 views

CVE-2025-4008

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...

8.7CVSS7.8AI score0.94991EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/05/21 3:31 p.m.8 views

CVE-2025-4008 Arbitrary Command Injection in Smartbedded MeteoBridge

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...

8.7CVSS7.5AI score0.94991EPSS
Exploits3References2
CVE
CVE
added 2025/05/21 3:31 p.m.90 views

CVE-2025-4008

The CVE-2025-4008 vulnerability affects Smartbedded Meteobridge prior to 6.2. The web interface processes input in template.cgi (unsanitized query-string data passed to eval), enabling unauthenticated remote attackers to execute arbitrary commands with root privileges, risking full device comprom...

8.8CVSS7.1AI score0.94991EPSS
In wildExploits3References3Affected Software2
CNNVD
CNNVD
added 2025/05/21 12:0 a.m.5 views

Meteobridge 安全漏洞

Meteobridge is a small device from Meteobridge that connects personal weather stations to public weather networks. A security vulnerability exists in Meteobridge that stems from a command injection vulnerability in the web interface endpoint that could allow an unauthenticated, remote attacker to...

8.8CVSS8.2AI score0.94991EPSS
Exploits3References2
Rows per page
Query Builder