TXOne Networks

CVE-2023-38584

Last Updated: April 8, 2024

Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow Vulnerability

Publication Date: 2023-10-12

Severity: Critical

Affected Vendor

Weintek

Affected Products

  • cMT-FHD: OS version 20210210 or prior
  • cMT-HDM: OS version 20210204 or prior
  • cMT3071: OS version 20210218 or prior
  • cMT3072: OS version 20210218 or prior
  • cMT3103: OS version 20210218 or prior
  • cMT3090: OS version 20210218 or prior
  • cMT3151: OS version 20210218 or prior

Description

In the web CGI of Weintek's cMT3000 HMI, the cgi-bin program command_wb.cgi contains a stack-based buffer overflow that could allow an anonymous attacker to hijack control flow and bypass login authentication.

Fixed Versions

  • cMT-FHD: OS version 20210211
  • cMT-HDM: OS version 20210205
  • cMT3071: OS version 20210219
  • cMT3072: OS version 20210219
  • cMT3103: OS version 20210219
  • cMT3090: OS version 20210219
  • cMT3151: OS version 20210219

Credit

Hank Chen of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com