TXOne Networks

CVE-2023-43492

Last Updated: April 8, 2024

Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow Vulnerability

Publication Date: 2023-10-12

Severity: Critical

Affected Vendor

Weintek

Affected Products

  • cMT-FHD (OS version 20210210 or prior)
  • cMT-HDM (OS version 20210204 or prior)
  • cMT3071 (OS version 20210218 or prior)
  • cMT3072 (OS version 20210218 or prior)
  • cMT3103 (OS version 20210218 or prior)
  • cMT3090 (OS version 20210218 or prior)
  • cMT3151 (OS version 20210218 or prior)

Description

The cgi-bin component codesys.cgi contains a stack-based buffer overflow that could allow an anonymous attacker to hijack control flow and bypass login authentication.

Fixed Versions

  • cMT-FHD: OS version 20210211
  • cMT-HDM: OS version 20210205
  • cMT3071: OS version 20210219
  • cMT3072: OS version 20210219
  • cMT3103: OS version 20210219
  • cMT3090: OS version 20210219
  • cMT3151: OS version 20210219

Credit

Hank Chen of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com