PT-2023-31569 · Weintek · Weintek Cmt2078X Easyweb

Published

2023-12-19

Updated

2023-12-29

CVE-2023-50466

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215

Description An authenticated command injection issue allows attackers to execute arbitrary code or access sensitive information by injecting a crafted payload into the HMI Name parameter.

Recommendations For Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215, consider restricting access to the HMI Name parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2023-50466

Affected Products

Weintek Cmt2078X Easyweb

PT-2023-31569 · Weintek · Weintek Cmt2078X Easyweb

CVE-2023-50466

Weakness Enumeration

Related Identifiers

Affected Products

References · 5