CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-43492

CVSS 9.8v3.1pub. 2023-10-19upd. 2024-11-21

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Weintek Cmt3071

    HW
    Weintek
    wszystkie wersje
  • Weintek Cmt3071 Firmware

    OS
    Weintek
    < 20210220
  • Weintek Cmt3072

    HW
    Weintek
    wszystkie wersje
  • Weintek Cmt3072 Firmware

    OS
    Weintek
    < 20210220
  • Weintek Cmt3090

    HW
    Weintek
    wszystkie wersje
  • Weintek Cmt3090 Firmware

    OS
    Weintek
    < 20210220
  • Weintek Cmt3103

    HW
    Weintek
    wszystkie wersje
  • Weintek Cmt3103 Firmware

    OS
    Weintek
    < 20210220
  • Weintek Cmt3151

    HW
    Weintek
    wszystkie wersje
  • Weintek Cmt3151 Firmware

    OS
    Weintek
    < 20210220
  • Weintek Cmt Fhd

    HW
    Weintek
    wszystkie wersje
  • Weintek Cmt Fhd Firmware

    OS
    Weintek
    < 20210212
  • Weintek Cmt Hdm

    HW
    Weintek
    wszystkie wersje
  • Weintek Cmt Hdm Firmware

    OS
    Weintek
    < 20210206
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2023-38584CRITICAL9.8ten sam produkt

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overf...

CVE-2021-27442CRITICAL9.4ten sam produkt

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unaut...

CVE-2021-27444CRITICAL9.8ten sam produkt

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthentic...

CVE-2021-27446CRITICAL10.0ten sam produkt

The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attack...

CVE-2023-40145HIGH8.8ten sam produkt

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after l...