CVE-2021-27444

EUVD-2021-14198
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
weintekcmt-svr-100_firmware
𝑥
< 20210305
weintekcmt-svr-102_firmware
𝑥
< 20210305
weintekcmt-svr-200_firmware
𝑥
< 20210305
weintekcmt-svr-202_firmware
𝑥
< 20210305
weintekcmt-g01_firmware
𝑥
< 20210209
weintekcmt-g02_firmware
𝑥
< 20210209
weintekcmt-g03_firmware
𝑥
< 20210222
weintekcmt-g04_firmware
𝑥
< 20210222
weintekcmt3071_firmware
𝑥
< 20210218
weintekcmt3072_firmware
𝑥
< 20210218
weintekcmt3090_firmware
𝑥
< 20210218
weintekcmt3103_firmware
𝑥
< 20210218
weintekcmt3151_firmware
𝑥
< 20210218
weintekcmt-hdm_firmware
𝑥
< 20210204
weintekcmt-fhd_firmware
𝑥
< 20210208
weintekcmt-ctrl01_firmware
𝑥
< 20210302
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01
https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01