9 matches found
CVE-2024-55027
The CVE-2024-55027 entry concerns Weintek cMT-3072XH2 easyweb v2.1.53 (OS v20231011). The vulnerability involves storing credentials in plaintext within the component uac_temp.db, exposing sensitive data and impacting confidentiality. The provided connected sources (Red Hat, NVD, CVE lists, and s...
CVE-2024-55020
CVE-2024-55020 affects Weintek cMT-3072XH2 easyweb Web Version 2.1.53, OS v20231011. The DHCP activation feature exposes a command-injection flaw that allows attackers to run arbitrary commands with root privileges. CVSSv3.1: Network, Privileges None, User Interaction None, Impact: High (Confiden...
CVE-2024-55019
Weintek cMT-3072XH2 easyweb Web Version v2.1.53 (OS v20231011) contains an access-control flaw in the download_wb.cgi component that allows unauthenticated users to download arbitrary files. The vulnerability is tied to incorrect access control in the relevant web interface, enabling potential da...
CVE-2024-55021
The CVE-2024-55021 entry concerns Weintek cMT-3072XH2 easyweb v2.1.53 running OS v20231011, which reportedly contains a hardcoded password in the FTP protocol. The Red Hat/NVD references confirm an affected product and indicate an impact on confidentiality (C: High) with no integrity or availabil...
CVE-2024-55022
CVE-2024-55022 affects Weintek cMT-3072XH2 easyweb v2.1.53 on OS v20231011. An authenticated command injection vulnerability exists in the HMI Name parameter, allowing an attacker with valid credentials to inject commands. Public details indicate a high-severity impact (CVE metrics show high conf...
CVE-2024-55026
CVE-2024-55026 affects Weintek cMT-3072XH2 easyweb (v2.1.53) with OS v20231011. The issue is in the reset_pj.cgi endpoint, where a crafted GET request can lead to arbitrary command execution. Documented impact is high/critical (unauthorized, network-remote access with no user interaction). Root c...
CVE-2024-55024
CVE-2024-55024 affects Weintek cMT-3072XH2 easyweb, v2.1.53, with OS v20231011. The vulnerability is an authentication bypass in the software’s authorization mechanism that allows unauthorized attackers to perform administrative actions using service accounts. Public details in the provided sourc...
CVE-2024-55025
CVE-2024-55025 concerns an access control flaw in the VNC component of Weintek cMT-3072XH2 easyweb, affecting version 2.1.53 on OS 20231011 . The issue permits unauthorized attackers to access the HMI system , per multiple sources. The root cause is described as an incorrect access control mechan...
CVE-2024-55023
Weintek cMT-3072XH2 easyweb v2.1.53 on OS v20231011 contains a hardcoded encryption key, enabling potential access to sensitive information (CVE-2024-55023). Affected component: easyweb (Weintek). Underlying cause: hardcoded key disclosed in description. Documented impact: confidentiality impact ...