CVE-2023-45852

CRITICAL EXPLOITED NUCLEI

Viessmann Vitogate 300 Firmware < 2.1.3.0 - Command Injection

Description

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.

Nuclei Templates (1)

Viessmann Vitogate 300 - Remote Code Execution
CRITICAL VERIFIED by iamnoooob, rootxharsh, pdresearch
Shodan: title:"Vitogate 300" || http.title:"vitogate 300"
FOFA: title="Vitogate 300" || title="vitogate 300"

Scores

CVSS v3 9.8
EPSS 0.9359
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-04
CWE CWE-77
Status published
Products (1)
viessmann/vitogate_300_firmware < 2.1.3.0
Published Oct 14, 2023
Tracked Since Feb 18, 2026