CVE-2024-55020

Critical CVSS: 9.8

A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.

Vendor

Weintek

Product

Easyweb

CWE

CWE-20

Yayın Tarihi

2026-03-03 20:16:40

Güncelleme

2026-03-04 20:03:26

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-20 Easyweb CRITICAL Weintek 2026

Referanslar

https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4

Benzer Kayıtlar

High

CVE-2024-55021

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.

High

CVE-2024-55022

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerabi…

Medium

CVE-2024-55023

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow…

Critical

CVE-2024-55024

An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v202310…

Medium

CVE-2024-55025

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized a…

Critical

CVE-2024-55026

An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers…