TXOne Networks
Hero background

CVE-2023-43492

Last Updated: October 12, 2023

Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow Vulnerability

CVE IDCVE-2023-43492
SeverityCritical
Affected VendorsWeintek
Affected ProductscMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior
Vulnerability DetailsIn Weintek’s cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
Solutions & Rules· Fixed in cMT-FHD OS version 20210211 · Fixed in cMT-HDM OS version 20210205 · Fixed in cMT3071 OS version 20210219 · Fixed in cMT3072 OS version 20210219 · Fixed in cMT3103 OS version 20210219 · Fixed in cMT3090 OS version 20210219 · Fixed in cMT3151 OS version 20210219
CreditHank Chen of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

security@txone.com