CVE-2023-50466

HIGH

Weintek cMT2078X Firmware v2.1.3 - Authenticated OS Command Injection via HMI Name Parameter

Title source: llm

Description

An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter.

References (1)

Core 1

Core References

Third Party Advisory

https://literate-bakery-10b.notion.site/Weintek-EasyWeb-cMT-Reports-3fc0b10798b54f51a61d719395c408da?pvs=4

Scores

CVSS v3 8.8

EPSS 0.0190

EPSS Percentile 77.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

weintek/cmt2078x_firmware 2.1.3

Published Dec 19, 2023

Tracked Since Feb 18, 2026