TXOne Networks
Hero background

CVE-2023-0104

Last Updated: February 14, 2023

Weintek EasyBuilder Pro cMT Series ZipSlip Vulnerability

CVE IDCVE-2023-0104
SeverityCritical
Affected VendorsWeintek
Affected ProductsEasyBuilder Pro v6.07.01 and prior, EasyBuilder Pro v6.07.02.479 and prior, EasyBuilder Pro v6.08.01.349 and prior
Vulnerability DetailsThe listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.
Solutions & RulesFixed in EasyBuilder Pro to v6.07.02.480, v6.08.01.350 or later
CreditHank Chen and Mars Cheng of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

security@txone.com