CVE-2021-27444
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Weintek | cMT-SVR-1xx/2xx | unspecified < 20210305 | affected |
| Weintek | cMT-G01/G02 | unspecified < 20210209 | affected |
| Weintek | cMT-G03/G04 | unspecified < 20210222 | affected |
| Weintek | cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 | unspecified < 20210218 | affected |
| Weintek | cMT-HDM | unspecified < 20210204 | affected |
| Weintek | cMT-FHD | unspecified < 20210208 | affected |
| Weintek | cMT-CTRL01 | unspecified < 20210302 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01
- https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01
- https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.