In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWeintek Cmt3071
HWWeintekwszystkie wersjeWeintek Cmt3071 Firmware
OSWeintek< 20210220Weintek Cmt3072
HWWeintekwszystkie wersjeWeintek Cmt3072 Firmware
OSWeintek< 20210220Weintek Cmt3090
HWWeintekwszystkie wersjeWeintek Cmt3090 Firmware
OSWeintek< 20210220Weintek Cmt3103
HWWeintekwszystkie wersjeWeintek Cmt3103 Firmware
OSWeintek< 20210220Weintek Cmt3151
HWWeintekwszystkie wersjeWeintek Cmt3151 Firmware
OSWeintek< 20210220Weintek Cmt Fhd
HWWeintekwszystkie wersjeWeintek Cmt Fhd Firmware
OSWeintek< 20210212Weintek Cmt Hdm
HWWeintekwszystkie wersjeWeintek Cmt Hdm Firmware
OSWeintek< 20210206
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
Related vulnerabilities
CVE-2023-38584CRITICAL9.8ten sam produkt
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overf...
CVE-2023-43492CRITICAL9.8ten sam produkt
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overfl...
CVE-2021-27442CRITICAL9.4ten sam produkt
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unaut...
CVE-2021-27444CRITICAL9.8ten sam produkt
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthentic...
CVE-2021-27446CRITICAL10.0ten sam produkt
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attack...