CVE-2021-27446 (GCVE-0-2021-27446)

Vulnerability from cvelistv5 – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
VLAI?
Title
Weintek EasyWeb cMT Code Injection
Summary
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
Severity ?
10 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
Create a notification for this product.
Credits
Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:17.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-27446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:54.929455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:21:16.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cMT-SVR-1xx/2xx",
          "vendor": "Weintek",
          "versions": [
            {
              "lessThan": "20210305",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "cMT-G01/G02",
          "vendor": "Weintek",
          "versions": [
            {
              "lessThan": "20210209",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "cMT-G03/G04",
          "vendor": "Weintek",
          "versions": [
            {
              "lessThan": "20210222",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
          "vendor": "Weintek",
          "versions": [
            {
              "lessThan": "20210218",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "cMT-HDM",
          "vendor": "Weintek",
          "versions": [
            {
              "lessThan": "20210204",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "cMT-FHD",
          "vendor": "Weintek",
          "versions": [
            {
              "lessThan": "20210208",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "cMT-CTRL01",
          "vendor": "Weintek",
          "versions": [
            {
              "lessThan": "20210302",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
        }
      ],
      "datePublic": "2021-03-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-16T17:15:44.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Weintek EasyWeb cMT Code Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
          "ID": "CVE-2021-27446",
          "STATE": "PUBLIC",
          "TITLE": "Weintek EasyWeb cMT Code Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "cMT-SVR-1xx/2xx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "20210305"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "cMT-G01/G02",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "20210209"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "cMT-G03/G04",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "20210222"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "20210218"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "cMT-HDM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "20210204"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "cMT-FHD",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "20210208"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "cMT-CTRL01",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "20210302"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weintek"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94: Code Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
              "refsource": "CONFIRM",
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-27446",
    "datePublished": "2022-05-16T17:15:44.847Z",
    "dateReserved": "2021-02-19T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:21:16.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-27446\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-05-16T18:15:08.167\",\"lastModified\":\"2024-11-21T05:58:00.263\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.\"},{\"lang\":\"es\",\"value\":\"La l\u00ednea de productos Weintek cMT es vulnerable a una inyecci\u00f3n de c\u00f3digo, que puede permitir a un atacante remoto no autenticado ejecutar comandos con privilegios de root en el sistema operativo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-svr-100_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210305\",\"matchCriteriaId\":\"2BD9FCBF-CD84-4863-A4E4-613BD228D2CA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-svr-100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"408166F7-5030-4FDA-94CF-4DD2237A1EA7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-svr-102_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210305\",\"matchCriteriaId\":\"E6D1FD50-6AD9-4F6F-84A2-1646542350CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-svr-102:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EE3CBE0-6B56-4405-91E2-15DB0C6E7967\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-svr-200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210305\",\"matchCriteriaId\":\"176DF351-ECB2-44F8-9009-48B76D9EB867\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-svr-200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"673841CB-C2D6-486C-8C5D-0180173196D9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-svr-202_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210305\",\"matchCriteriaId\":\"A7AA6AD2-B144-437E-B185-4BD47703A54B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-svr-202:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB57299A-5F53-44A5-B1D3-2E554180562B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-g01_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210209\",\"matchCriteriaId\":\"5985D77C-E9BF-4E1B-8128-A0737281B8FA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-g01:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0ADA01D-E62C-4D53-B70D-BFB750CA2B52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-g02_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210209\",\"matchCriteriaId\":\"0BF566CC-966E-48E9-B6C9-F6CA52FFEAA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-g02:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FB93C5F-4C71-4337-B72F-FE9B6E5CF83C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-g03_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210222\",\"matchCriteriaId\":\"F59201D7-3D0B-446F-90B9-FD19C9DB04C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-g03:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61343FB6-5943-4FE7-9E3C-56F184622B7B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-g04_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210222\",\"matchCriteriaId\":\"F264AD39-4A3F-4273-A951-6DCB6768E82F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-g04:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2BCB236-F9AC-4729-BCAF-F005250C0F2E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210218\",\"matchCriteriaId\":\"37D305D8-34F6-4BEF-99D4-CF4A18EFA9D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4DE53C8-09D5-4D5E-97EE-A89E1478CD65\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210218\",\"matchCriteriaId\":\"8A20906F-F91F-486A-9340-8D22C93C19AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3F83A8D-1489-48AA-911B-5BA561A57896\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210218\",\"matchCriteriaId\":\"A84ABF9C-EC9B-4CBF-967F-5F38DCD32A16\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79C1F694-08A2-46E7-95C2-8DFA3D64423B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210218\",\"matchCriteriaId\":\"B70E20F8-83E0-45C9-B02F-D1957AD47C6A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F607716E-7B7B-4620-819C-F44341B8C37F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210218\",\"matchCriteriaId\":\"F5065F83-0BD0-44B1-9E64-8689F0F3B4D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FF5326B-5E33-4C11-9AC6-A90357078FCA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210204\",\"matchCriteriaId\":\"0A793B51-28F7-4A17-BD4C-74C2FCA053FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08E3518-A03F-486D-B67A-013F67026D78\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210208\",\"matchCriteriaId\":\"81DBEE28-6A04-43E0-9C5E-592162179896\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A132B170-A1FC-4D38-9965-0FF47B944FD5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:weintek:cmt-ctrl01_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20210302\",\"matchCriteriaId\":\"38F4698D-B9D6-42E4-9867-9BDCC2F2F2A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:weintek:cmt-ctrl01:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C9CB899-1EE6-4599-861D-9BBA4856E5CE\"}]}]}],\"references\":[{\"url\":\"https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T20:48:17.200Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-27446\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:54:54.929455Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:54:56.560Z\"}}], \"cna\": {\"title\": \"Weintek EasyWeb cMT Code Injection\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Weintek\", \"product\": \"cMT-SVR-1xx/2xx\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"20210305\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Weintek\", \"product\": \"cMT-G01/G02\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"20210209\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Weintek\", \"product\": \"cMT-G03/G04\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"20210222\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Weintek\", \"product\": \"cMT3071/cMT3072/cMT3090/cMT3103/cMT3151\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"20210218\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Weintek\", \"product\": \"cMT-HDM\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"20210204\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Weintek\", \"product\": \"cMT-FHD\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"20210208\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Weintek\", \"product\": \"cMT-CTRL01\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"20210302\", \"versionType\": \"custom\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Weintek has released OS upgrades for the affected products. Refer to Weintek\\u2019s Technical Notice regarding these vulnerabilities.\\nhttps://www.weintek.com/globalw/Download/Download.aspx\\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf\"}], \"datePublic\": \"2021-03-23T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Code Injection\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-05-16T17:15:44.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.\"}], \"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"20210305\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"cMT-SVR-1xx/2xx\"}, {\"version\": {\"version_data\": [{\"version_value\": \"20210209\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"cMT-G01/G02\"}, {\"version\": {\"version_data\": [{\"version_value\": \"20210222\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"cMT-G03/G04\"}, {\"version\": {\"version_data\": [{\"version_value\": \"20210218\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"cMT3071/cMT3072/cMT3090/cMT3103/cMT3151\"}, {\"version\": {\"version_data\": [{\"version_value\": \"20210204\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"cMT-HDM\"}, {\"version\": {\"version_data\": [{\"version_value\": \"20210208\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"cMT-FHD\"}, {\"version\": {\"version_data\": [{\"version_value\": \"20210302\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"cMT-CTRL01\"}]}, \"vendor_name\": \"Weintek\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"Weintek has released OS upgrades for the affected products. Refer to Weintek\\u2019s Technical Notice regarding these vulnerabilities.\\nhttps://www.weintek.com/globalw/Download/Download.aspx\\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01\", \"refsource\": \"MISC\"}, {\"url\": \"https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf\", \"name\": \"https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-94: Code Injection\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-27446\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Weintek EasyWeb cMT Code Injection\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\", \"DATE_PUBLIC\": \"2021-03-23T17:00:00.000Z\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-27446\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T16:21:16.549Z\", \"dateReserved\": \"2021-02-19T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-05-16T17:15:44.847Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.