CVE-2024-55021
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.
Affected (2)
Products: Weintek: Cmt 3072xh2 Firmware, Easyweb
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 20231011 | |
| Version 2.1.53 |
| Running on/with | Platform Versions |
|---|---|
Weintek Cmt 3072xh2 | All versions |
Related CWEs
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
References (2)
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Timeline
No history available yet.