CVE-2024-55026

Name of the Vulnerable Software and Affected Versions Weintek cMT-3072XH2 easyweb version 2.1.53, OS version 20231011

Description An issue exists in the reset pj.cgi endpoint of the software that allows unauthorized attackers to execute arbitrary commands by submitting a specially crafted GET request. The vulnerable endpoint is /reset pj.cgi. Attackers can supply a crafted GET request to this endpoint to achieve command execution.

Recommendations Apply a fix or update to a newer version that addresses this issue. As a temporary workaround, restrict access to the reset pj.cgi endpoint.