TXOne Networks

CVE-2023-0104

Last Updated: April 8, 2024

CVE ID: CVE-2023-0104

Title: Weintek EasyBuilder Pro cMT Series ZipSlip Vulnerability

Publication Date: 2023-02-14

Severity: Critical

Affected Products

Vendor: Weintek

  • EasyBuilder Pro v6.07.01 and prior
  • EasyBuilder Pro v6.07.02.479 and prior
  • EasyBuilder Pro v6.08.01.349 and prior

Vulnerability Details

The listed versions of Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user's computer or gain access to sensitive data.
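A defensive check for the ZipSlip class named above, as an added example that is not taken from the advisory or from Weintek's code. It assumes the project file is a ZIP-style archive (the advisory does not describe the format); the function names and sample entry names are constructed for illustration.

```python
import io
import ntpath
import posixpath
import zipfile
from pathlib import Path


def escaping_entries(archive: zipfile.ZipFile) -> list[str]:
    """Return entry names that would be written outside the extraction root."""
    bad = []
    for info in archive.infolist():
        # Accept either separator: the archive may come from another OS.
        name = info.filename.replace("\\", "/")
        # Absolute paths and drive letters ignore the destination entirely.
        if name.startswith("/") or ntpath.splitdrive(name)[0]:
            bad.append(info.filename)
            continue
        # Collapse "." and ".." lexically; a leading ".." climbs above the root.
        norm = posixpath.normpath(name)
        if norm == ".." or norm.startswith("../"):
            bad.append(info.filename)
    return bad


def safe_extract(data: bytes, dest: Path) -> list[str]:
    """Extract only if every entry stays under dest; return extracted names."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        bad = escaping_entries(archive)
        if bad:
            # Reject the whole archive rather than skipping single entries.
            raise ValueError(f"refusing archive, entries escape root: {bad}")
        archive.extractall(dest)
        return archive.namelist()


def make_zip(names: list[str]) -> bytes:
    """Constructed sample input: a ZIP whose entries carry the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"sample")
    return buf.getvalue()
```

Rejecting the whole file when any entry escapes the root, instead of silently skipping that entry, gives the user a clear signal that the project file is not trustworthy.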

Solutions & Remediation

Fixed in: EasyBuilder Pro v6.07.02.480, v6.08.01.350 or later

Credit

The vulnerability was discovered by Hank Chen and Mars Cheng of TXOne Networks.

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com