In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
View the template here CVE-2023-45852.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45852