MeteoBridge 漏洞列表

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices. fofa: "Meteobridge"

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.

Smartbedded MeteoBridge 是一个小型设备，可将个人气象站连接到公共天气网络，如 Weather Underground。它允许用户将微气候数据上传到互联网并进行共享。Meteobridge 的 Web 界面通过 CGI shell 脚本和 C 语言编写的 Web 应用程序管理气象站数据。然而，该界面暴露了一个易受命令注入攻击的终端节点，未经身份验证的远程攻击者可以在受影响的设备上以 root 权限执行任意命令。

Smartbedded MeteoBridge 固件 6.2以下版本存在远程命令执行漏洞，未经身份验证的远程攻击者可以在受影响的设备上以提升的权限 （ root） 获得任意命令执行。