What is CVE-2023-45852?

CVE-2023-45852 is a vulnerability in N/a. Published 2023-10-14.

Is CVE-2023-45852 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-45852

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.

EPSS: 0.936 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

12442RF/POC
DMW11525708/wiki
Lern0n/Lernon-POC
adysec/POC
eeeeeeeeee-code/POC
komodoooo/Some-things
laoa1573/wy876
oLy0/Vulnerability
tanjiti/sec_

References

connectivity.viessmann.com/gb/mp-fp/vitogate/vitogate-300-bn-mb.html
github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_RCE.md

Frequently asked questions

What is CVE-2023-45852?: CVE-2023-45852 is a vulnerability in N/a. Published 2023-10-14.
Is CVE-2023-45852 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.