Rule Document 1:65375

Report a false positive

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Smartbedded Meteobridge command injection attempt

Rule Explanation

This rule looks for command injection metacharacters present in the parameter names or values in HTTP requests sent to the /cgi-bin/template.cgi or /public/template.cgi endpoint on Smartbedded Meteobridge web applications.

What To Look For

This rule looks for attempts to exploit a command injection vulnerability in Smartbedded Meteobridge web applications.

Known Usage

Attacks/Scans seen in the wild

False Positives

Known false positives, with the described conditions

This rule will alert on any command injection characters present in the URI query parameters sent to /cgi-bin/template.cgi or /public/template.cgi.

Contributors

Cisco Talos Intelligence Group

Rule Groups

Rule Categories::Server::Web Applications

MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application

Vulnerability::Severity::Critical

Vulnerability::Severity::High

CVE

CVE-2025-4008

Additional Links

forum.meteohub.de/viewtopic.php?t=18687

Rule Vulnerability

Command Injection

Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the applications permissions to execute system commands without injecting code.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2025-4008
 Loading description