
Weintek Cmt-3072Xh2 Firmware vulnerabilities

9 known vulnerabilities affecting weintek/cmt-3072xh2_firmware.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2024-55020 | P2 | CRITICAL | CVSS 9.8 | v20231011 | 2026-03-03
CWE-20: A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.
nvd
CVE-2024-55024 | P2 | CRITICAL | CVSS 9.8 | v20231011 | 2026-03-03
CWE-693: An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform administrative actions using service accounts.
nvd
CVE-2024-55026 | P2 | CRITICAL | CVSS 9.8 | v20231011 | 2026-03-03
CWE-256: An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
nvd
CVE-2024-55022 | P2 | HIGH | CVSS 8.8 | v20231011 | 2026-03-03
CWE-94: Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.
nvd
CVE-2024-55019 | P3 | HIGH | CVSS 7.5 | v20231011 | 2026-03-03
CWE-284: Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files.
nvd
CVE-2024-55021 | P3 | HIGH | CVSS 7.5 | v20231011 | 2026-03-03
CWE-798: Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.
nvd
CVE-2024-55027 | P3 | HIGH | CVSS 7.5 | v20231011 | 2026-03-03
CWE-312: Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uac_temp.db.
nvd
CVE-2024-55025 | P3 | MEDIUM | CVSS 6.5 | v20231011 | 2026-03-03
CWE-284: Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system.
nvd
CVE-2024-55023 | P4 | MEDIUM | CVSS 5.3 | v20231011 | 2026-03-03
CWE-798: Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information.
nvd
Weintek Cmt-3072Xh2 Firmware vulnerabilities | cvebase