Unrated severityNVD Advisory· Published Sep 27, 2023· Updated Aug 2, 2024

Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password

CVE-2023-5222

Description

A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Carrier/Vitogate 300llm-fuzzy
Range: <=2.1.3.0
Viessmann/Vitogate 300v5
Range: 2.1.0

Patches

Vulnerability mechanics

References

github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_HardcodedPassword.mdmitreexploit
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.060
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000