Weintek Cmt-3072xh2_firmware
9 CVEs affecting Weintek Cmt-3072xh2_firmware. Latest disclosed: 2026-03-03. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-55026 | Critical | 9.8 | 2026-03-03 | An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supp… |
CVE-2024-55024 | Critical | 9.8 | 2026-03-03 | An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to per… |
CVE-2024-55020 | Critical | 9.8 | 2026-03-03 | A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute a… |
CVE-2024-55022 | High | 8.8 | 2026-03-03 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. |
CVE-2024-55027 | High | 7.5 | 2026-03-03 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. |
CVE-2024-55021 | High | 7.5 | 2026-03-03 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. |
CVE-2024-55019 | High | 7.5 | 2026-03-03 | Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to dow… |
CVE-2024-55025 | Medium | 6.5 | 2026-03-03 | Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. |
CVE-2024-55023 | Medium | 5.3 | 2026-03-03 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive informat… |