A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.
The vulnerability results from insufficient input validation (CWE-20) in the DHCP activation function of the easyweb interface. An attacker can submit specially crafted input data containing malicious system commands, which are then passed directly to the operating system command interpreter (CWE-78). Since the vulnerable component runs with root privileges, injected commands are executed with the highest privilege level in the system. The attack is possible remotely over the network without requiring authentication.
An attacker gains full control of the device with root privileges, enabling data reading and modification, installation of malicious software, disruption of HMI device operation, and potential lateral movement in industrial networks (OT/ICS).
Apply patches available from the manufacturer according to the references. Until updates are applied, it is recommended to isolate the device from public networks, restrict access to the easyweb interface exclusively to trusted hosts using a firewall, and monitor network traffic directed to the device.
Weintek cMT-3072XH2 with easyweb Web Version v2.1.53 and OS v20231011
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeintek Cmt 3072xh2
HWWeintekwszystkie wersjeWeintek Cmt 3072xh2 Firmware
OSWeintek20231011Weintek Easyweb
APPWeintek2.1.53
Related vulnerabilities
Wykonanie dowolnych poleceń przez endpoint reset_pj.cgi w Weintek cMT-3072XH2
Pominięcie uwierzytelniania w Weintek cMT-3072XH2 easyweb — dostęp administracyjny
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection...
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the comp...
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP pr...