23 matches found
CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...
CVE-2024-55020
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges...
CVE-2024-55021
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol...
CVE-2024-55020
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges...
Weintek cMT 安全漏洞
Weintek cMT is a human-computer interface application developed by Weintek Corporation. Version 2.1.53 of Weintek cMT contains a security vulnerability, which stems from hard-coded passwords in the FTP protocol...
CVE-2024-55026
An issue in the resetpj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request...
Weintek cMT-3072XH2 easyweb 安全漏洞
Weintek cMT-3072XH2 easyweb is an intelligent human-computer interaction interface developed by Weintek Company in Taiwan, China. The version of Weintek cMT-3072XH2 easyweb v2.1.53 contains a security vulnerability. This vulnerability stems from an authorization mechanism that allows bypass of...
Weintek cMT 安全漏洞
Weintek cMT is a human-computer interface application developed by Weintek Corporation. Version 2.1.53 of Weintek cMT contains a security vulnerability. This vulnerability stems from improper access control in the downloadwb.cgi component, which may allow unverified attackers to download...
CVE-2024-55025
CVE-2024-55025 concerns an access control flaw in the VNC component of Weintek cMT-3072XH2 easyweb, affecting version 2.1.53 on OS 20231011 . The issue permits unauthorized attackers to access the HMI system , per multiple sources. The root cause is described as an incorrect access control mechan...
CVE-2024-55023
Weintek cMT-3072XH2 easyweb v2.1.53 on OS v20231011 contains a hardcoded encryption key, enabling potential access to sensitive information (CVE-2024-55023). Affected component: easyweb (Weintek). Underlying cause: hardcoded key disclosed in description. Documented impact: confidentiality impact ...
PT-2026-22783
Name of the Vulnerable Software and Affected Versions Weintek cMT-3072XH2 easyweb version 2.1.53, OS version 20231011 Description An issue exists in the reset pj.cgi endpoint of the software that allows unauthorized attackers to execute arbitrary commands by submitting a specially crafted GET...
Weintek cMT 安全漏洞
Weintek cMT is a human-computer interface application developed by Weintek Corporation. Version 2.1.53 of Weintek cMT contains a security vulnerability, which stems from the uactemp.db component storing credentials in plaintext...
EUVD-2024-55458
Incorrect access control in the component downloadwb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files...
CVE-2024-55024
CVE-2024-55024 affects Weintek cMT-3072XH2 easyweb, v2.1.53, with OS v20231011. The vulnerability is an authentication bypass in the software’s authorization mechanism that allows unauthorized attackers to perform administrative actions using service accounts. Public details in the provided sourc...
PT-2026-22779
Name of the Vulnerable Software and Affected Versions Weintek cMT-3072XH2 easyweb version 2.1.53, OS version 20231011 Description The software contains an authenticated command injection issue. The issue is triggered via the HMI Name parameter. An attacker with valid credentials can inject...
EUVD-2024-55466
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uactemp.db...
PT-2026-22781
Name of the Vulnerable Software and Affected Versions Weintek cMT-3072XH2 easyweb version 2.1.53, OS version 20231011 Description An authentication bypass exists in the authorization mechanism of the software. This allows unauthorized attackers to perform administrative actions using service...
PT-2026-22776
Incorrect access control in the component download wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files...
CVE-2024-55022
CVE-2024-55022 affects Weintek cMT-3072XH2 easyweb v2.1.53 on OS v20231011. An authenticated command injection vulnerability exists in the HMI Name parameter, allowing an attacker with valid credentials to inject commands. Public details indicate a high-severity impact (CVE metrics show high conf...
CVE-2024-55026
CVE-2024-55026 affects Weintek cMT-3072XH2 easyweb (v2.1.53) with OS v20231011. The issue is in the reset_pj.cgi endpoint, where a crafted GET request can lead to arbitrary command execution. Documented impact is high/critical (unauthorized, network-remote access with no user interaction). Root c...