GCVE - cpe:2.3:o:weintek:cmt-3072xh2_firmware:20231011:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:weintek:cmt-3072xh2_firmware:20231011:*:*:*:*:*:*:*

part: o version: 20231011 update: *

Vendor	Weintek (`b4691633-4eb4-52d5-bc64-ee82eca3c353`)
Product	Cmt 3072Xh2 Firmware (`391cb790-9214-5af4-9ca6-17c08e883b15`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-55027`	vulnerable	2026-06-03 14:57:41.871770	Details available Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. Published: 2026-03-03T00:00:00.000Z Updated: 2026-03-04T14:42:03.757Z Open on db.gcve.eu Reference links https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4 https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-55026`	vulnerable	2026-06-03 14:57:41.871265	Details available An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request. Published: 2026-03-03T00:00:00.000Z Updated: 2026-03-04T14:47:02.116Z Open on db.gcve.eu Reference links https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4 https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-55025`	vulnerable	2026-06-03 14:57:41.870942	Details available Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. Published: 2026-03-03T00:00:00.000Z Updated: 2026-03-03T19:15:17.121Z Open on db.gcve.eu Reference links https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4 https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-55024`	vulnerable	2026-06-03 14:57:41.870524	Details available An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts. Published: 2026-03-03T00:00:00.000Z Updated: 2026-03-03T19:55:39.484Z Open on db.gcve.eu Reference links https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4 https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-55023`	vulnerable	2026-06-03 14:57:41.870179	Details available Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. Published: 2026-03-03T00:00:00.000Z Updated: 2026-03-03T19:56:36.465Z Open on db.gcve.eu Reference links https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4 https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-55022`	vulnerable	2026-06-03 14:57:41.869559	Details available Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. Published: 2026-03-03T00:00:00.000Z Updated: 2026-03-04T14:45:46.715Z Open on db.gcve.eu Reference links https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4 https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-55021`	vulnerable	2026-06-03 14:57:41.868900	Details available Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. Published: 2026-03-03T00:00:00.000Z Updated: 2026-03-04T14:59:52.171Z Open on db.gcve.eu Reference links https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4 https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-55020`	vulnerable	2026-06-03 14:57:41.868517	Details available A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges. Published: 2026-03-03T00:00:00.000Z Updated: 2026-03-03T20:14:18.373Z Open on db.gcve.eu Reference links https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4 https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-55019`	vulnerable	2026-06-03 14:57:41.866122	Details available Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files. Published: 2026-03-03T00:00:00.000Z Updated: 2026-03-03T19:16:42.980Z Open on db.gcve.eu Reference links https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4 https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Cmt 3072Xh2 Firmware

PURL mappings

Vulnerability references

Contribute