Weintek cMT3000 HMI Web CGI OS Command Injection Vulnerability
2023-10-12
| CVE ID | CVE-2023-40145 |
|---|---|
| Severity | High |
| Affected Vendors | Weintek |
| Affected Products | cMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior |
| Vulnerability Details | In Weintek’s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device. |
| Solutions & Rules | · Fixed in cMT-FHD OS version 20210211 · Fixed in cMT-HDM OS version 20210205 · Fixed in cMT3071 OS version 20210219 · Fixed in cMT3072 OS version 20210219 · Fixed in cMT3103 OS version 20210219 · Fixed in cMT3090 OS version 20210219 · Fixed in cMT3151 OS version 20210219 |
| Credit | Hank Chen of TXOne Networks |