TXOne Networks
Hero background

CVE-2023-40145

Last Updated: October 12, 2023

Weintek cMT3000 HMI Web CGI OS Command Injection Vulnerability

CVE IDCVE-2023-40145
SeverityHigh
Affected VendorsWeintek
Affected ProductscMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior
Vulnerability DetailsIn Weintek’s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
Solutions & Rules· Fixed in cMT-FHD OS version 20210211 · Fixed in cMT-HDM OS version 20210205 · Fixed in cMT3071 OS version 20210219 · Fixed in cMT3072 OS version 20210219 · Fixed in cMT3103 OS version 20210219 · Fixed in cMT3090 OS version 20210219 · Fixed in cMT3151 OS version 20210219
CreditHank Chen of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

security@txone.com