Meteobridge web interface vulnerability let attackers inject commands remotely


By Aman Mishra

ONEKEY Research Lab has uncovered a severe command injection vulnerability in the MeteoBridge firmware, a compact device designed to connect personal weather stations to public weather networks like Weather Underground.

This flaw, identified through ONEKEY’s recently introduced Bash static code analysis on its platform, affects versions 6.1 and below of the MeteoBridge firmware, enabling remote, unauthenticated attackers to execute arbitrary commands with root privileges.

The vulnerability, now assigned CVE-2025-4008, has been patched in version 6.2 following a coordinated disclosure process. With a CVSS score of 8.7 (High), the impact of this issue underscores the critical need for robust firmware security in Internet-connected devices.

Read more at GBHackers
