CyberSec.Space Logo
Back to CVE Browser

CVE-2021-27446

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0760%
EPSS Percentile43.42th
PublishedMay 16, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.

Affected Platforms (CPE)

πŸ’»
Weintek

Cmt Svr 100 Firmware

< 20210305
πŸ’»
Weintek

Cmt Svr 102 Firmware

< 20210305
πŸ’»
Weintek

Cmt Svr 200 Firmware

< 20210305
πŸ’»
Weintek

Cmt Svr 202 Firmware

< 20210305
πŸ’»
Weintek

Cmt G01 Firmware

< 20210209
πŸ’»
Weintek

Cmt G02 Firmware

< 20210209
πŸ’»
Weintek

Cmt G03 Firmware

< 20210222
πŸ’»
Weintek

Cmt G04 Firmware

< 20210222
πŸ’»
Weintek

Cmt3071 Firmware

< 20210218
πŸ’»
Weintek

Cmt3072 Firmware

< 20210218
πŸ’»
Weintek

Cmt3090 Firmware

< 20210218
πŸ’»
Weintek

Cmt3103 Firmware

< 20210218
πŸ’»
Weintek

Cmt3151 Firmware

< 20210218
πŸ’»
Weintek

Cmt Hdm Firmware

< 20210204
πŸ’»
Weintek

Cmt Fhd Firmware

< 20210208
πŸ’»
Weintek

Cmt Ctrl01 Firmware

< 20210302

References & Advisories

πŸ”— https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01
πŸ”— https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01

Related Vulnerabilities

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-2124410.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server sid...