CRITICAL🇬🇧 English

CVE-2023-5777

CVSS 9.8v3.1pub. 2023-11-06upd. 2024-11-21

Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Weintek Easybuilder Pro

    APP
    Weintek
    < 6.07.026.08.01.190 – 6.08.01.614 (bez)6.08.02 – 6.08.02.500 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-0104CRITICAL9.3ten sam produkt

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a ma...

CVE-2024-55026CRITICAL9.8PL ✓ten sam vendor

Wykonanie dowolnych poleceń przez endpoint reset_pj.cgi w Weintek cMT-3072XH2

CVE-2024-55020CRITICAL9.8PL ✓ten sam vendor

Command injection z uprawnieniami root w Weintek cMT-3072XH2 easyweb

CVE-2024-55024CRITICAL9.8PL ✓ten sam vendor

Pominięcie uwierzytelniania w Weintek cMT-3072XH2 easyweb — dostęp administracyjny

CVE-2023-38584CRITICAL9.8ten sam vendor

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overf...