CVE-2021-27444

CRITICAL

Weintek cMT Firmware < 20210305 - Unauthenticated Improper Access Control

Title source: llm
STIX 2.1

Description

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01

Scores

CVSS v3 9.8
EPSS 0.0105
EPSS Percentile 60.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-284
Status published
Products (16)
weintek/cmt-ctrl01_firmware < 20210302
weintek/cmt-fhd_firmware < 20210208
weintek/cmt-g01_firmware < 20210209
weintek/cmt-g02_firmware < 20210209
weintek/cmt-g03_firmware < 20210222
weintek/cmt-g04_firmware < 20210222
weintek/cmt-hdm_firmware < 20210204
weintek/cmt-svr-100_firmware < 20210305
weintek/cmt-svr-102_firmware < 20210305
weintek/cmt-svr-200_firmware < 20210305
... and 6 more
Published May 16, 2022
Tracked Since Feb 18, 2026