
CVE-2023-0104
Last Updated: February 14, 2023
Weintek EasyBuilder Pro cMT Series ZipSlip Vulnerability
| CVE ID | CVE-2023-0104 |
|---|---|
| Severity | Critical |
| Affected Vendors | Weintek |
| Affected Products | EasyBuilder Pro v6.07.01 and prior, EasyBuilder Pro v6.07.02.479 and prior, EasyBuilder Pro v6.08.01.349 and prior |
| Vulnerability Details | The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. |
| Solutions & Rules | Fixed in EasyBuilder Pro to v6.07.02.480, v6.08.01.350 or later |
| Credit | Hank Chen and Mars Cheng of TXOne Networks |
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
security@txone.com