CVE-2021-27444

Weintek EasyWeb cMT Improper Access Control

CVSS 9.8 CRITICALEPSS 1.1%CWE-284

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Weintek · cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Weintek · cMT-CTRL01 Weintek · cMT-FHD Weintek · cMT-G01/G02 Weintek · cMT-G03/G04 Weintek · cMT-HDM Weintek · cMT-SVR-1xx/2xx

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01