Weintek CVEs & Vulnerabilities

9 CVEs affecting Weintek products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

easyweb 9cmt-3072xh2 9cmt-3072xh2 firmware 9
CVE-2024-55027HIGH

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.

3 Mar 2026
7.5
CVSS
CVE-2024-55026CRITICAL

An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.

3 Mar 2026
9.8
CVSS
CVE-2024-55025MEDIUM

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system.

3 Mar 2026
6.5
CVSS
CVE-2024-55024CRITICAL

An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts.

3 Mar 2026
9.8
CVSS
CVE-2024-55023MEDIUM

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information.

3 Mar 2026
5.3
CVSS
CVE-2024-55022HIGH

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.

3 Mar 2026
8.8
CVSS
CVE-2024-55021HIGH

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.

3 Mar 2026
7.5
CVSS
CVE-2024-55020CRITICAL

A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.

3 Mar 2026
9.8
CVSS
CVE-2024-55019HIGH

Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files.

3 Mar 2026
7.5
CVSS
← PrevPage 1 / 1Next →