Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Weintek cMT-3072XH2 easyweb v2.1.53 stores credentials insecurely
CVE-2024-55027
Summary
Weintek's cMT-3072XH2 easyweb v2.1.53 stores passwords and other sensitive information in an easily accessible file, which can be read by unauthorized parties. This means that if an attacker gains access to the system, they can easily obtain sensitive login credentials. To protect your data, update to the latest version of the software.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| weintek | easyweb | 2.1.53 | – |
| weintek | cmt-3072xh2_firmware | 20231011 | – |
Original title
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.
Original description
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.
nvd CVSS3.1
7.5
Vulnerability type
CWE-312
Cleartext Storage of Sensitive Information
CWE-798
Use of Hard-coded Credentials
- https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de Third Party Advisory
- https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e... Third Party Advisory
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026