Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow Vulnerability
2023-10-12
CVE ID | CVE-2023-43492 |
---|---|
Severity | Critical |
Affected Vendors | Weintek |
Affected Products | cMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior |
Vulnerability Details | In the Web CGI of Weintek’s cMT3000 HMI devices, codesys.cgi under cgi-bin contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication. |
Solutions & Rules | cMT-FHD: fixed in OS version 20210211, cMT-HDM: fixed in OS version 20210205, cMT3071: fixed in OS version 20210219, cMT3072: fixed in OS version 20210219, cMT3103: fixed in OS version 20210219, cMT3090: fixed in OS version 20210219, cMT3151: fixed in OS version 20210219 |
Credit | Hank Chen of TXOne Networks |