MeteoBridge template.cgi command injection

Added: 10/03/2025
CVE: CVE-2025-4008

Background

MeteoBridge is a device which connects personal weather stations to public weather networks.

Problem

A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by sending a specially crafted request to public/template.cgi.

Resolution

Upgrade to Meteobridge 6.2 or higher. Instructions for upgrading are in the meteohub.de post.

References

https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008

Platforms

MeteoBridge

Back to exploit index