2 matches found
Viessmann Vitogate 300 - Remote Code Execution
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...
FortiOS DoS on webUI through 'params' JSON parameter
An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API URLs with /json , which can cause the web user interface to be temporarily unresponsive...