Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeintek Easybuilder Pro
APPWeintek< 6.07.026.08.01.190 – 6.08.01.614 (bez)6.08.02 – 6.08.02.500 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2023-0104CRITICAL9.3ten sam produkt
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a ma...
CVE-2024-55026CRITICAL9.8PL ✓ten sam vendor
Wykonanie dowolnych poleceń przez endpoint reset_pj.cgi w Weintek cMT-3072XH2
CVE-2024-55020CRITICAL9.8PL ✓ten sam vendor
Command injection z uprawnieniami root w Weintek cMT-3072XH2 easyweb
CVE-2024-55024CRITICAL9.8PL ✓ten sam vendor
Pominięcie uwierzytelniania w Weintek cMT-3072XH2 easyweb — dostęp administracyjny
CVE-2023-38584CRITICAL9.8ten sam vendor
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overf...