CVE-2021-27444

Weintek EasyWeb cMT Improper Access Control

CVSS 9.8 CRITICALEPSS 1.1%CWE-284

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Weintek · cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Weintek · cMT-CTRL01 Weintek · cMT-FHD Weintek · cMT-G01/G02 Weintek · cMT-G03/G04 Weintek · cMT-HDM Weintek · cMT-SVR-1xx/2xx

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01