Cmt3072 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-14751	1 Weintek	3 Cmt-ctrl01, Cmt-svrx-820, Cmt3072xh	2026-01-26	N/A
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
CVE-2025-14750	1 Weintek	3 Cmt-ctrl01, Cmt-svrx-820, Cmt3072xh	2026-01-26	N/A
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges.
CVE-2021-27442	1 Weintek	32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more	2025-04-16	9.4 Critical
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
CVE-2021-27444	1 Weintek	32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more	2025-04-16	9.8 Critical
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
CVE-2021-27446	1 Weintek	32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more	2025-04-16	10 Critical
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
CVE-2023-38584	1 Weintek	14 Cmt-fhd, Cmt-fhd Firmware, Cmt-hdm and 11 more	2025-01-16	9.8 Critical
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
CVE-2023-40145	1 Weintek	14 Cmt-fhd, Cmt-fhd Firmware, Cmt-hdm and 11 more	2025-01-16	8.8 High
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
CVE-2023-43492	1 Weintek	14 Cmt-fhd, Cmt-fhd Firmware, Cmt-hdm and 11 more	2025-01-16	9.8 Critical
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

Page 1 of 1.