Cmt3090 Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Weintek (b4691633-4eb4-52d5-bc64-ee82eca3c353) |
|---|---|
| Product | Cmt3090 Firmware (be90d09c-da71-515f-a516-323acc8a381a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-43492 |
vulnerable | 2026-06-03 14:52:55.536599 |
Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow
CRITICAL (9.8)
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
Published: 2023-10-19T19:28:59.236Z
Updated: 2025-01-16T21:28:29.900Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40145 |
vulnerable | 2026-06-03 14:52:42.590060 |
Weintek cMT3000 HMI Web CGI OS Command Injection
HIGH (8.8)
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
Published: 2023-10-19T19:26:20.948Z
Updated: 2025-01-16T21:28:39.035Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38584 |
vulnerable | 2026-06-03 14:52:31.631868 |
Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow
CRITICAL (9.8)
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
Published: 2023-10-19T19:20:20.059Z
Updated: 2025-01-16T21:28:46.086Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-27446 |
vulnerable | 2026-06-03 14:44:15.954855 |
Weintek EasyWeb cMT Code Injection
CRITICAL (10)
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
Published: 2022-05-16T17:15:44.847Z
Updated: 2025-04-16T16:21:16.549Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-27444 |
vulnerable | 2026-06-03 14:44:15.945602 |
Weintek EasyWeb cMT Improper Access Control
CRITICAL (9.8)
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
Published: 2022-05-16T17:15:15.597Z
Updated: 2025-04-16T16:21:25.289Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-27442 |
vulnerable | 2026-06-03 14:44:15.934566 |
Weintek EasyWeb cMT Cross-site Scripting
CRITICAL (9.4)
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
Published: 2022-05-16T17:13:17.743Z
Updated: 2025-04-16T16:21:32.645Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.