In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated malicious user to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
viessmann vitogate 300 firmware |