cbcvebase.

Weintek Cmt-Ctrl01 vulnerabilities

5 known vulnerabilities affecting weintek/cmt-ctrl01.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2021-27446P2CRITICALCVSS 9.8≥ unspecified, < 202103022022-05-16
CVE-2021-27446 [CRITICAL] CWE-94 CVE-2021-27446: The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated rem The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
nvd
CVE-2025-14751P3HIGHCVSS 8.7≥ 20230308, < 202508272026-01-22
CVE-2025-14751 [HIGH] CWE-620 CVE-2025-14751: A low-privileged user can bypass account credentials without confirming the user's current authentic A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
nvd
CVE-2021-27444P3CRITICALCVSS 9.8≥ unspecified, < 202103022022-05-16
CVE-2021-27444 [CRITICAL] CWE-284 CVE-2021-27444: The Weintek cMT product line is vulnerable to various improper access controls, which may allow an u The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
nvd
CVE-2025-14750P3HIGHCVSS 8.7≥ 20230308, < 202508272026-01-22
CVE-2025-14750 [HIGH] CWE-472 CVE-2025-14750: The web application does not sufficiently verify inputs that are assumed to be immutable but are act The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges.
nvd
CVE-2021-27442P4MEDIUMCVSS 6.1≥ unspecified, < 202103022022-05-16
CVE-2021-27442 [MEDIUM] CWE-79 CVE-2021-27442: The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allo The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
nvd
Weintek Cmt-Ctrl01 vulnerabilities | cvebase