6 matches found
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 CVSS score: 8.7, is a case ...
MeteoBridge template.cgi command injection
Added: 10/03/2025 CVE: CVE-2025-4008 Background MeteoBridge is a device which connects personal weather stations to public weather networks. Problem A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...
CVE-2025-4008
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
CVE-2025-4008 Arbitrary Command Injection in Smartbedded MeteoBridge
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
CVE-2025-4008
The CVE-2025-4008 vulnerability affects Smartbedded Meteobridge prior to 6.2. The web interface processes input in template.cgi (unsanitized query-string data passed to eval), enabling unauthenticated remote attackers to execute arbitrary commands with root privileges, risking full device comprom...
Meteobridge 安全漏洞
Meteobridge is a small device from Meteobridge that connects personal weather stations to public weather networks. A security vulnerability exists in Meteobridge that stems from a command injection vulnerability in the web interface endpoint that could allow an unauthenticated, remote attacker to...