Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for cmt-g01_firmware by weintek

    CVE-2021-27446 (GCVE-0-2021-27446)

    Vulnerability from nvd – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Code Injection
    Summary
    The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:54.929455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:16.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27446",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Code Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27446",
        "datePublished": "2022-05-16T17:15:44.847Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:16.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27444 (GCVE-0-2021-27444)

    Vulnerability from nvd – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Improper Access Control
    Summary
    The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:59.080295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:25.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27444",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Improper Access Control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27444",
        "datePublished": "2022-05-16T17:15:15.597Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:25.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27442 (GCVE-0-2021-27442)

    Vulnerability from nvd – Published: 2022-05-16 17:13 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Cross-site Scripting
    Summary
    The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27442",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:55:04.749781Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:32.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Cross-site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:13:17.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27442",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Cross-site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Cross-site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27442",
        "datePublished": "2022-05-16T17:13:17.743Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:32.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27446 (GCVE-0-2021-27446)

    Vulnerability from cvelistv5 – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Code Injection
    Summary
    The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:54.929455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:16.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27446",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Code Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27446",
        "datePublished": "2022-05-16T17:15:44.847Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:16.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27444 (GCVE-0-2021-27444)

    Vulnerability from cvelistv5 – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Improper Access Control
    Summary
    The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:59.080295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:25.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27444",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Improper Access Control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27444",
        "datePublished": "2022-05-16T17:15:15.597Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:25.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27442 (GCVE-0-2021-27442)

    Vulnerability from cvelistv5 – Published: 2022-05-16 17:13 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Cross-site Scripting
    Summary
    The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27442",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:55:04.749781Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:32.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Cross-site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:13:17.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27442",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Cross-site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Cross-site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27442",
        "datePublished": "2022-05-16T17:13:17.743Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:32.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }