Weintek
Products
4- 9 CVEs
- 3 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-55027 | 0.00 | — | 0.00 | Mar 3, 2026 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. | |||
| CVE-2024-55023 | 0.00 | — | 0.00 | Mar 3, 2026 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. | |||
| CVE-2024-55019 | 0.00 | — | 0.00 | Mar 3, 2026 | Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files. | |||
| CVE-2024-55022 | 0.00 | — | 0.00 | Mar 3, 2026 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. | |||
| CVE-2024-55026 | 0.00 | — | 0.00 | Mar 3, 2026 | An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request. | |||
| CVE-2024-55020 | 0.00 | — | 0.00 | Mar 3, 2026 | A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges. | |||
| CVE-2024-55024 | 0.00 | — | 0.00 | Mar 3, 2026 | An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts. | |||
| CVE-2024-55025 | 0.00 | — | 0.00 | Mar 3, 2026 | Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. | |||
| CVE-2024-55021 | 0.00 | — | 0.00 | Mar 3, 2026 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. | |||
| CVE-2023-43492 | 0.00 | — | 0.00 | Oct 19, 2023 | In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication. | |||
| CVE-2023-40145 | 0.00 | — | 0.00 | Oct 19, 2023 | In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device. | |||
| CVE-2023-38584 | 0.00 | — | 0.00 | Oct 19, 2023 | In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication. |
- CVE-2024-55027Mar 3, 2026risk 0.00cvss —epss 0.00
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.
- CVE-2024-55023Mar 3, 2026risk 0.00cvss —epss 0.00
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information.
- CVE-2024-55019Mar 3, 2026risk 0.00cvss —epss 0.00
Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files.
- CVE-2024-55022Mar 3, 2026risk 0.00cvss —epss 0.00
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.
- CVE-2024-55026Mar 3, 2026risk 0.00cvss —epss 0.00
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
- CVE-2024-55020Mar 3, 2026risk 0.00cvss —epss 0.00
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.
- CVE-2024-55024Mar 3, 2026risk 0.00cvss —epss 0.00
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts.
- CVE-2024-55025Mar 3, 2026risk 0.00cvss —epss 0.00
Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system.
- CVE-2024-55021Mar 3, 2026risk 0.00cvss —epss 0.00
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.
- CVE-2023-43492Oct 19, 2023risk 0.00cvss —epss 0.00
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
- CVE-2023-40145Oct 19, 2023risk 0.00cvss —epss 0.00
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
- CVE-2023-38584Oct 19, 2023risk 0.00cvss —epss 0.00
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.