127 matches found
EUVD-2024-55458
Incorrect access control in the component downloadwb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows an unauthenticated attacker to download arbitrary files...
CVE-2024-55023
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...
CVE-2024-55021
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol...
CVE-2025-14751
Summary: CVE-2025-14751 describes a vulnerability in the Weintek cMT X Series HMI EasyWeb Service where a low-privileged user can bypass account credentials without verifying the current authentication state, potentially enabling unauthorized privilege escalation. What’s affected (from provided s...
CVE-2025-14751 Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation...
CVE-2025-14750
CVE-2025-14750 affects Weintek cMT X Series HMI EasyWeb Service. The vulnerability arises from insufficient validation of inputs that are assumed immutable but are externally controllable, enabling a low-privileged user to modify parameters and potentially escalate privileges to account-level acc...
CVE-2025-14750 External Control of Assumed-Immutable Web Parameter in Weintek cMT X Series HMI EasyWeb Service
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges...
Weintek cMT X Series HMI EasyWeb Service
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow a low-level user to alter privileges and gain full control of the device. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
EUVD-2018-9181
Malware in sbrugna...
EUVD-2004-2039
Malware in sbrugna...
easyweb.comune.prato.it Cross Site Scripting vulnerability OBB-3889303
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
easyweb.comune.prato.it Cross Site Scripting vulnerability OBB-3885367
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-50466
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter...
Command injection
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter...
CVE-2023-50466
The CVE-2023-50466 issue affects Weintek cMT2078X EasyWeb Web, Version v2.1.3, OS v20220215. The vulnerability is an authenticated command injection in the HMI Name parameter, allowing an attacker with valid credentials to execute arbitrary code or access sensitive information. Affected component...