The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
References
| Link | Resource |
|---|---|
| https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf | Mitigation Vendor Advisory |
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
History
29 Jul 2022, 13:24
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-Other |
25 May 2022, 16:21
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 - Third Party Advisory, US Government Resource | |
| References | (CONFIRM) https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf - Mitigation, Vendor Advisory | |
| CWE | CWE-287 | |
| CPE | cpe:2.3:o:weintek:cmt-ctrl01_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-g02_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-svr-100:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-svr-200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-g01:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-g04_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-g01_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-svr-100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-svr-102:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-g03:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-svr-102_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-g04:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-ctrl01:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-svr-202_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-svr-202:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-svr-200:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-g02:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-g03_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:* |
16 May 2022, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-05-16 18:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-27444
Mitre link : CVE-2021-27444
CVE.ORG link : CVE-2021-27444
JSON object : View
Products Affected
weintek
- cmt-fhd
- cmt3151
- cmt-ctrl01
- cmt-g02
- cmt3090
- cmt3071_firmware
- cmt3103_firmware
- cmt-fhd_firmware
- cmt-svr-102_firmware
- cmt3072
- cmt-g03
- cmt-hdm
- cmt3072_firmware
- cmt-g04_firmware
- cmt-svr-200
- cmt-ctrl01_firmware
- cmt-svr-202
- cmt-hdm_firmware
- cmt-g02_firmware
- cmt3071
- cmt-svr-102
- cmt-g03_firmware
- cmt-svr-200_firmware
- cmt-g01_firmware
- cmt-g01
- cmt-svr-100
- cmt-svr-202_firmware
- cmt3151_firmware
- cmt-g04
- cmt3090_firmware
- cmt3103
- cmt-svr-100_firmware
CWE