How to fix CVE-2024-55024?

Within 24 hours: Inventory all Weintek cMT-3072XH2 devices running easyweb v2.1.53 and isolate them from untrusted networks. Within 7 days: Implement network segmentation to restrict administrative access to authorized personnel only, monitor for suspicious authentication patterns, and contact Weintek for security guidance. Within 30 days: Deploy compensating controls (WAF rules, access restrictions), establish a timeline with Weintek for patch deployment, and conduct security audit of affected systems for unauthorized access.

Is Easyweb affected by CVE-2024-55024?

A critical authentication bypass vulnerability in Weintek cMT-3072XH2 devices (easyweb v2.1.53) allows attackers to gain administrative access without valid credentials, potentially compromising industrial control systems and sensitive operational data.

CVE-2024-55024

CRITICAL

2026-03-03 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

CVE Published

Mar 03, 2026 - 20:16 nvd

CRITICAL 9.8

Description

An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts.

Analysis

Auth bypass in Weintek cMT-3072XH2 authorization mechanism.

Technical Context

CWE-693.

Affected Products

['Weintek cMT-3072XH2']

Remediation

Update firmware.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +49

POC: 0

CVE-2024-55024 vulnerability details – vuln.today

Back

CVE-2024-55024

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2024-55024

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code