OpenCVE

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Viessmann	Vitogate 300 Vitogate 300 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:viessmann:vitogate_300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:viessmann:vitogate_300:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://connectivity.viessmann.com/gb/mp-fp/vitogate/vitogate-300-bn-mb.html
https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_RCE.md

History

Fri, 27 Feb 2026 02:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-14T00:00:00.000Z

Updated: 2024-09-17T13:47:53.087Z

Reserved: 2023-10-14T00:00:00.000Z

Link: CVE-2023-45852

Vulnrichment

Updated: 2024-08-02T20:29:32.492Z

NVD

Status : Modified

Published: 2023-10-14T02:15:09.270

Modified: 2024-11-21T08:27:29.100

Link: CVE-2023-45852

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:viessmann:vitogate_300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DAD3136-6337-4E41-AD13-A371EC4EA975", "versionEndIncluding": "2.1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:viessmann:vitogate_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "C464EBFC-DD80-49C9-97BE-232F8E8AE624", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method."}, {"lang": "es", "value": "En Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi permite que un atacante no autenticado omita la autenticaci\u00f3n y ejecute comandos arbitrarios a trav\u00e9s de metacaracteres de shell en los datos JSON de los par\u00e1metros ipaddr para el m\u00e9todo put."}], "id": "CVE-2023-45852", "lastModified": "2024-11-21T08:27:29.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-14T02:15:09.270", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://connectivity.viessmann.com/gb/mp-fp/vitogate/vitogate-300-bn-mb.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_RCE.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://connectivity.viessmann.com/gb/mp-fp/vitogate/vitogate-300-bn-mb.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_RCE.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}