CVE-2023-40145

Weintek cMT3000 HMI Web CGI OS Command Injection Vulnerability

Publication Date: 2023-10-12

Severity Level: High

Description

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.

Affected Products

• cMT-FHD (OS version 20210210 or prior)
• cMT-HDM (OS version 20210204 or prior)
• cMT3071 (OS version 20210218 or prior)
• cMT3072 (OS version 20210218 or prior)
• cMT3103 (OS version 20210218 or prior)
• cMT3090 (OS version 20210218 or prior)
• cMT3151 (OS version 20210218 or prior)

Fixed Versions

• cMT-FHD: OS version 20210211
• cMT-HDM: OS version 20210205
• cMT3071: OS version 20210219
• cMT3072: OS version 20210219
• cMT3103: OS version 20210219
• cMT3090: OS version 20210219
• cMT3151: OS version 20210219

Credit

Hank Chen of TXOne Networks