Meteobridge web interface vulnerability let attackers inject commands remotely
ONEKEY Research Lab has uncovered a severe command injection vulnerability in the MeteoBridge firmware, a compact device designed to connect personal weather stations to public weather networks like Weather Underground.
This flaw, identified by the bash static code analysis capability recently added to ONEKEY’s platform, affects versions 6.1 and below of the MeteoBridge firmware and enables remote, unauthenticated attackers to execute arbitrary commands with root privileges.
The vulnerability, now assigned CVE-2025-4008, has been patched in version 6.2 following a coordinated disclosure process. With a CVSS score of 8.7 (High), the impact of this issue underscores the critical need for robust firmware security in Internet-connected devices.
Read more at GBHackers