CVSS score: 9.8
Unauthorized Command Execution in Weintek cMT-3072XH2 easyweb v2.1.53
CVE-2024-55026
Summary
An unauthorized attacker can execute arbitrary commands on the Weintek cMT-3072XH2 easyweb system by sending a specially crafted GET request to the reset_pj.cgi endpoint. This can allow unauthorized access and potentially disrupt the system's functionality. Upgrade to a patched version of the software to prevent this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| weintek | easyweb | 2.1.53 | – |
| weintek | cmt-3072xh2_firmware | 20231011 | – |
Original title and description
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
NVD CVSS 3.1
9.8
Vulnerability type
CWE-256
References
- https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de (Third Party Advisory)
- https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e... (Third Party Advisory)
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026