An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
The attacker sends a specially crafted HTTP GET request to the reset_pj.cgi endpoint available in the device's easyweb interface. The endpoint does not verify the requester's identity or filter input data, leading to the execution of system commands embedded in the request in the device's context. The vulnerability is classified as CWE-256, indicating unsafe storage or handling of authentication data.
An unauthenticated remote attacker can execute arbitrary commands on the device, leading to a complete breach of confidentiality, integrity and availability of the system, including potential takeover of the HMI panel in an industrial environment.
Patches available from the manufacturer should be applied according to the references. Until the fix is deployed, it is recommended to restrict network access to the easyweb interface through a firewall, implement OT/ICS network segmentation, and disable unused network interfaces on the device.
Weintek cMT-3072XH2 with easyweb v2.1.53 software and OS v20231011 operating system
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeintek Cmt 3072xh2
HWWeintekwszystkie wersjeWeintek Cmt 3072xh2 Firmware
OSWeintek20231011Weintek Easyweb
APPWeintek2.1.53
Related vulnerabilities
Command injection z uprawnieniami root w Weintek cMT-3072XH2 easyweb
Pominięcie uwierzytelniania w Weintek cMT-3072XH2 easyweb — dostęp administracyjny
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection...
Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, ...
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP pr...