PT-2023-31569 · Weintek · Weintek Cmt2078X Easyweb

Publicado

2023-12-19

Atualizado

2023-12-29

CVE-2023-50466

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215

Description An authenticated command injection issue allows attackers to execute arbitrary code or access sensitive information by injecting a crafted payload into the HMI Name parameter.

Recommendations For Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215, consider restricting access to the HMI Name parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2023-50466

Produtos afetados

Weintek Cmt2078X Easyweb

PT-2023-31569 · Weintek · Weintek Cmt2078X Easyweb

CVE-2023-50466

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5