Smartbedded Meteobridge < 6.2 RCE (CVE-2025-4008)

The version of Smartbedded Meteobridge installed on the remote host is 6.1 or prior. It is, therefore, affected by a command injection vulnerability as referenced in the CVE-2025-4008 advisory. In the template.cgi script, unsanitized user input from the query string is passed directly to an eval...

EUVD-2001-0457

Malware in sbrugna...

MeteoBridge template.cgi command injection

Added: 10/03/2025 CVE: CVE-2025-4008 Background MeteoBridge is a device which connects personal weather stations to public weather networks. Problem A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...

The vulnerability in the template.cgi web interface of the Meteobridge software allows a perpetrator to bypass security restrictions, gain elevated privileges, and execute arbitrary commands.

The vulnerability of the template.cgi web interface of the Meteobridge software lies in the lack of authentication for critical functions, due to insufficient filtering of special elements. Exploiting this vulnerability allows a malicious actor to bypass security restrictions, gain increased...

CVE-2001-0461

template.cgi in Free On-Line Dictionary of Computing FOLDOC allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi...