CVEs (9)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. |
1Weintek 2Cmt 3072xh2 Firmware EasywebMar 4, 2026 Mar 3, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request. |
1Weintek 2Cmt 3072xh2 Firmware EasywebMar 4, 2026 Mar 3, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. |
1Weintek 2Cmt 3072xh2 Firmware EasywebMar 4, 2026 Mar 3, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts. |
1Weintek 2Cmt 3072xh2 Firmware EasywebMar 9, 2026 Mar 3, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. |
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. |
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. |
1Weintek 2Cmt 3072xh2 Firmware EasywebMar 4, 2026 Mar 3, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges. |
Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files. |