cbcvebase.
CVE-2021-27442
published 2022-05-16

CVE-2021-27442: The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious…

PriorityP424medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.82%
52.5th percentile
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

Affected

23 ranges
VendorProductVersion rangeFixed in
weintekcmt-ctrl01>= unspecified < 2021030220210302
weintekcmt-ctrl01_firmware< 2021030220210302
weintekcmt-fhd>= unspecified < 2021020820210208
weintekcmt-fhd_firmware< 2021020820210208
weintekcmt-g01_firmware< 2021020920210209
weintekcmt-g01_g02>= unspecified < 2021020920210209
weintekcmt-g02_firmware< 2021020920210209
weintekcmt-g03_firmware< 2021022220210222
weintekcmt-g03_g04>= unspecified < 2021022220210222
weintekcmt-g04_firmware< 2021022220210222
weintekcmt-hdm>= unspecified < 2021020420210204
weintekcmt-hdm_firmware< 2021020420210204
weintekcmt-svr-100_firmware< 2021030520210305
weintekcmt-svr-102_firmware< 2021030520210305
weintekcmt-svr-1xx_2xx>= unspecified < 2021030520210305
weintekcmt-svr-200_firmware< 2021030520210305
weintekcmt-svr-202_firmware< 2021030520210305
weintekcmt3071_cmt3072_cmt3090_cmt3103_cmt3151>= unspecified < 2021021820210218
weintekcmt3071_firmware< 2021021820210218
weintekcmt3072_firmware< 2021021820210218
weintekcmt3090_firmware< 2021021820210218
weintekcmt3103_firmware< 2021021820210218
weintekcmt3151_firmware< 2021021820210218

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.