Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Weintek
Filtered by product Easyweb
Angry Yack Logo
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-55019 1 Weintek 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb 2026-03-04 N/A 7.5 HIGH
Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files.
CVE-2024-55020 1 Weintek 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb 2026-03-04 N/A 9.8 CRITICAL
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.
CVE-2024-55024 1 Weintek 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb 2026-03-04 N/A 9.8 CRITICAL
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts.
CVE-2024-55025 1 Weintek 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb 2026-03-04 N/A 6.5 MEDIUM
Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system.
CVE-2024-55026 1 Weintek 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb 2026-03-04 N/A 9.8 CRITICAL
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
CVE-2024-55027 1 Weintek 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb 2026-03-04 N/A 7.5 HIGH
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.