CVE-2024-55019

High CVSS: 7.5

Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files.

Vendor

Weintek

Product

Easyweb

CWE

CWE-284

Yayın Tarihi

2026-03-03 20:16:40

Güncelleme

2026-03-04 20:10:31

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Easyweb HIGH Weintek 2026

Referanslar

https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4

Benzer Kayıtlar

High

CVE-2024-55021

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.

High

CVE-2024-55022

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerabi…

Medium

CVE-2024-55023

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow…

Critical

CVE-2024-55024

An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v202310…

Medium

CVE-2024-55025

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized a…

Critical

CVE-2024-55026

An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers…