← voltar
CVE-2023-43492

Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow

CVSS 9.8 CRITICALEPSS 0.9%CWE-121
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Weintek · cMT3071Weintek · cMT3072Weintek · cMT3090Weintek · cMT3103Weintek · cMT3151Weintek · cMT-FHDWeintek · cMT-HDM

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdfhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12