CRITICAL🇵🇱 Wersja polska

CVE-2023-0104

CVSS 9.3v3.1pub. 2023-02-22upd. 2024-11-21

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.  

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
  • Weintek Easybuilder Pro

    APP
    Weintek
    < 6.07.02.4806.08.01.190 – 6.08.01.350 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2023-5777CRITICAL9.8ten sam produkt

Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted aft...

CVE-2024-55026CRITICAL9.8PL ✓ten sam vendor

Wykonanie dowolnych poleceń przez endpoint reset_pj.cgi w Weintek cMT-3072XH2

CVE-2024-55020CRITICAL9.8PL ✓ten sam vendor

Command injection z uprawnieniami root w Weintek cMT-3072XH2 easyweb

CVE-2024-55024CRITICAL9.8PL ✓ten sam vendor

Pominięcie uwierzytelniania w Weintek cMT-3072XH2 easyweb — dostęp administracyjny

CVE-2023-38584CRITICAL9.8ten sam vendor

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overf...