
Weintek cMT-3072XH2 easyweb v2.1.53: Authenticated Command Injection

CVE-2024-55022
Summary

This vulnerability allows attackers with valid login credentials to execute arbitrary system commands on the affected device through the HMI Name parameter, potentially leading to unauthorized access and control. This could result in sensitive data exposure, system compromise, or disruption of device functionality. Update to a fixed version once the vendor releases one.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor    Product                 Affected versions    Fix available
weintek   easyweb                 2.1.53
weintek   cmt-3072xh2_firmware    20231011
Original title and description
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.
NVD CVSS 3.1 score: 8.8
Vulnerability type
CWE-94 Code Injection
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026