CVE-2023-0104

Summary

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.  

Affected Software

VendorProductVersion RangeStatus
WeintekEasyBuilder Pro cMT0 <= 6.07.01affected
WeintekEasyBuilder Pro cMT0 <= 6.07.02.479affected
WeintekEasyBuilder Pro cMT0 <= 6.08.01.349affected

Weaknesses

  • CWE-29: CWE-29 Path Traversal: '..\filename'

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References