The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
References
Link | Resource |
---|---|
https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf | Mitigation Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 | Third Party Advisory US Government Resource |
https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf | Mitigation Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
History
21 Nov 2024, 05:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf - Mitigation, Vendor Advisory | |
References | () https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 10.0 |
25 May 2022, 16:13
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
CPE | cpe:2.3:o:weintek:cmt-ctrl01_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-g02_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-svr-100:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-svr-200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-g01:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-g04_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-g01_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-svr-100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-svr-102:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-g03:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-svr-102_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-g04:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-ctrl01:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-svr-202_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-svr-202:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-svr-200:-:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt-g02:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt-g03_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 - Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf - Mitigation, Vendor Advisory |
16 May 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-16 18:15
Updated : 2024-11-21 05:58
NVD link : CVE-2021-27446
Mitre link : CVE-2021-27446
CVE.ORG link : CVE-2021-27446
JSON object : View
Products Affected
weintek
- cmt-svr-202
- cmt-g03
- cmt-hdm
- cmt3151
- cmt3072
- cmt-g03_firmware
- cmt-g02
- cmt-svr-202_firmware
- cmt-svr-102
- cmt-svr-100
- cmt-svr-200
- cmt-g01_firmware
- cmt3103
- cmt-ctrl01
- cmt3103_firmware
- cmt-svr-200_firmware
- cmt-fhd
- cmt3072_firmware
- cmt3090
- cmt-hdm_firmware
- cmt-svr-100_firmware
- cmt-fhd_firmware
- cmt3071
- cmt-g02_firmware
- cmt-g01
- cmt-ctrl01_firmware
- cmt-svr-102_firmware
- cmt-g04
- cmt3090_firmware
- cmt-g04_firmware
- cmt3071_firmware
- cmt3151_firmware
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')