Cmt 3072xh2 Firmware

9 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2024-55027 HIGH This Week

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. [CVSS 7.5 HIGH]

Information Disclosure Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-55026 CRITICAL Act Now

Command execution via reset_pj.cgi in Weintek cMT-3072XH2.

RCE Easyweb Cmt 3072xh2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-55025 MEDIUM This Month

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. [CVSS 6.5 MEDIUM]

Authentication Bypass Easyweb Cmt 3072xh2 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-55024 CRITICAL Act Now

Auth bypass in Weintek cMT-3072XH2 authorization mechanism.

Authentication Bypass Easyweb Cmt 3072xh2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-55023 MEDIUM This Month

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. [CVSS 5.3 MEDIUM]

Authentication Bypass Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-55022 HIGH This Week

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. [CVSS 8.8 HIGH]

Command Injection Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-55021 HIGH This Week

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. [CVSS 7.5 HIGH]

Authentication Bypass Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-55020 CRITICAL Act Now

Command injection in Weintek cMT-3072XH2 HMI DHCP activation. EPSS 0.30%.

Command Injection Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-55019 HIGH This Week

Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files. [CVSS 7.5 HIGH]

Authentication Bypass Easyweb Cmt 3072xh2 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-55027
EPSS 0% CVSS 7.5
HIGH This Week

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. [CVSS 7.5 HIGH]

Information Disclosure Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVE-2024-55026
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command execution via reset_pj.cgi in Weintek cMT-3072XH2.

RCE Easyweb Cmt 3072xh2 Firmware
NVD GitHub
CVE-2024-55025
EPSS 0% CVSS 6.5
MEDIUM This Month

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. [CVSS 6.5 MEDIUM]

Authentication Bypass Easyweb Cmt 3072xh2 Firmware
NVD GitHub
CVE-2024-55024
EPSS 0% CVSS 9.8
CRITICAL Act Now

Auth bypass in Weintek cMT-3072XH2 authorization mechanism.

Authentication Bypass Easyweb Cmt 3072xh2 Firmware
NVD GitHub
CVE-2024-55023
EPSS 0% CVSS 5.3
MEDIUM This Month

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. [CVSS 5.3 MEDIUM]

Authentication Bypass Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVE-2024-55022
EPSS 0% CVSS 8.8
HIGH This Week

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. [CVSS 8.8 HIGH]

Command Injection Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVE-2024-55021
EPSS 0% CVSS 7.5
HIGH This Week

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. [CVSS 7.5 HIGH]

Authentication Bypass Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVE-2024-55020
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in Weintek cMT-3072XH2 HMI DHCP activation. EPSS 0.30%.

Command Injection Cmt 3072xh2 Firmware Easyweb
NVD GitHub
CVE-2024-55019
EPSS 0% CVSS 7.5
HIGH This Week

Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files. [CVSS 7.5 HIGH]

Authentication Bypass Easyweb Cmt 3072xh2 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy