CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
Briefly

""Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices," CISA said. According to ONEKEY, which discovered and reported the issue in late February 2025, the Meteobridge web interface lets an administrator manage their weather station data collection and control the system through a web application written in CGI shell scripts and C."
"Furthermore, ONEKEY said the vulnerability can be exploited by unauthenticated attackers due to the fact that the CGI script is hosted in a public directory without requiring any authentication. "Remote exploitation through a malicious webpage is also possible since it's a GET request without any kind of custom header or token parameter," security researcher Quentin Kaiser noted back in May. "Just send a link to your victim and create img tags with the src set to 'https://subnet.a/public/template.cgi?templatefile=$(command).'""
The U.S. Cybersecurity and Infrastructure Security Agency has added a high-severity flaw affecting Smartbedded Meteobridge to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a command injection in the Meteobridge web interface that can result in code execution. ONEKEY discovered and reported the issue in late February 2025. The web interface is implemented in CGI shell scripts and C and exposes a template.cgi script at /cgi-bin/template.cgi; the script passes request input to eval calls without sanitising it, so a specially crafted request can execute arbitrary commands (ONEKEY's write-up demonstrates the injection with a single curl request). Because the CGI script is hosted in a public directory with no authentication, exploitation is possible by unauthenticated remote attackers, and because the trigger is a plain GET request with no custom header or token, it can also be launched from a malicious webpage via crafted img tags. No public reports currently detail in-the-wild exploitation; the issue is fixed in Meteobridge version 6.
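For defenders who cannot patch to version 6 immediately, the fact that the trigger is a plain GET to template.cgi makes it easy to hunt for in web-server logs. The following detector is an added example (not code from ONEKEY, CISA or The Hacker News) and runs over constructed access-log lines; it flags any request to template.cgi whose templatefile parameter is not a plain file name, which covers the $(command) pattern quoted above as well as other shell metacharacters.

```python
import re
from typing import List, Optional
from urllib.parse import unquote

# Constructed sample lines in common log format (not real traffic). The
# second line carries the URL-encoded form of the $(command) pattern.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Oct/2025:10:01:02 +0000] "GET /cgi-bin/template.cgi?templatefile=index.html HTTP/1.1" 200 512
203.0.113.7 - - [08/Oct/2025:10:01:09 +0000] "GET /public/template.cgi?templatefile=%24%28command%29 HTTP/1.1" 200 17
203.0.113.9 - - [08/Oct/2025:10:01:15 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
TEMPLATE_RE = re.compile(r'(?:^|&)templatefile=(?P<value>[^&]*)')
# A legitimate template name is a plain file name; anything else is suspect.
SAFE_VALUE_RE = re.compile(r'^[A-Za-z0-9._-]+$')


def decode_templatefile(query: str) -> Optional[str]:
    """Return the percent-decoded templatefile value, or None if absent."""
    m = TEMPLATE_RE.search(query)
    if not m:
        return None
    # Decode twice so double-encoded metacharacters are not missed.
    return unquote(unquote(m.group('value')))


def scan_log(text: str) -> List[dict]:
    """Flag requests to template.cgi whose templatefile is not a plain file name."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        path, _, query = m.group('target').partition('?')
        if not path.endswith('/template.cgi'):
            continue
        value = decode_templatefile(query)
        if value is None or SAFE_VALUE_RE.match(value):
            continue
        findings.append({'client': m.group('client'), 'path': path, 'templatefile': value})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"suspicious template.cgi request from {f['client']}: templatefile={f['templatefile']!r}")
```

Point it at a real access log with `scan_log(open(path).read())`; a hit from an address you do not recognise, especially combined with an HTTP 200, is a reason to treat the device as compromised until it is reimaged and updated.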
Read at The Hacker News