Cmt3072 Firmware Security Vulnerabilities and Issues — Cmt3072 Firmware CVE List

Lucene search

WeintekCmt3072 Firmware

6 matches found

CVE•added 2022/05/16 6:15 p.m.•75 views

CVE-2021-27442

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

9.4CVSS6.7AI score0.00142EPSS

CVE•added 2022/05/16 6:15 p.m.•63 views

CVE-2021-27444

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.

9.8CVSS9.4AI score0.00298EPSS

CVE•added 2022/05/16 6:15 p.m.•58 views

CVE-2021-27446

The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.

10CVSS9.9AI score0.00276EPSS

CVE•added 2023/10/19 8:15 p.m.•46 views

CVE-2023-38584

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

9.8CVSS9.6AI score0.00055EPSS

CVE•added 2023/10/19 8:15 p.m.•44 views

CVE-2023-43492

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

9.8CVSS9.6AI score0.0008EPSS

CVE•added 2023/10/19 8:15 p.m.•36 views

CVE-2023-40145

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.

8.8CVSS9.1AI score0.00406EPSS