Viessmann Vitogate 300 Firmware vulnerabilities
3 known vulnerabilities affecting viessmann/vitogate_300_firmware.
Total CVEs: 3
CISA KEV: 0
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 2, MEDIUM 1
Vulnerabilities
CVE-2023-5222 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≤ 2.1.3.0 | 2023-09-27 | CWE-259
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier o
nvd
CVE-2023-45852 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≤ 2.1.3.0 | 2023-10-14 | CWE-77
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
nvd
CVE-2023-5702 | P3 | MEDIUM | CVSS 6.5 | PoC | ≤ 2.1.3.0 | 2023-10-23 | CWE-425
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was con
nvd