CVE-2021-27444
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
Affected (16)
Products: Weintek: Cmt Svr 100 Firmware, Cmt Svr 102 Firmware, Cmt Svr 200 Firmware, Cmt Svr 202 Firmware, Cmt G01 Firmware, Cmt G02 Firmware, Cmt G03 Firmware, Cmt G04 Firmware, Cmt3071 Firmware, Cmt3072 Firmware, Cmt3090 Firmware, Cmt3103 Firmware, Cmt3151 Firmware, Cmt Hdm Firmware, Cmt Fhd Firmware, Cmt Ctrl01 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210305 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt Svr 100 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210305 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt Svr 102 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210305 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt Svr 200 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210305 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt Svr 202 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210209 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt G01 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210209 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt G02 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210222 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt G03 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210222 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt G04 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210218 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt3071 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210218 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt3072 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210218 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt3090 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210218 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt3103 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210218 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt3151 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210204 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt Hdm | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210208 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt Fhd | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 20210302 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt Ctrl01 | All versions |
References (4)
Source: ics-cert@hq.dhs.gov
MitigationVendor Advisory
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.