CVE-2021-27444

Weintek EasyWeb cMT Improper Access Control

CVSS 9.8 CRITICALEPSS 1.1%CWE-284

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Weintek · cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Weintek · cMT-CTRL01 Weintek · cMT-FHD Weintek · cMT-G01/G02 Weintek · cMT-G03/G04 Weintek · cMT-HDM Weintek · cMT-SVR-1xx/2xx

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01