CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0CVE-2021-27446 – Weintek EasyWeb cMT Code Injection
https://notcve.org/view.php?id=CVE-2021-27446
16 May 2022 — The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. La línea de productos Weintek cMT es vulnerable a una inyección de código, que puede permitir a un atacante remoto no autenticado ejecutar comandos con privilegios de root en el sistema operativo • https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 32EXPL: 0CVE-2021-27444 – Weintek EasyWeb cMT Improper Access Control
https://notcve.org/view.php?id=CVE-2021-27444
16 May 2022 — The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator. La línea de productos Weintek cMT es vulnerable a varios controles de acceso inapropiados, que pueden permitir a un atacante no autenticado acceder y descargar remotamente información confidencial y llevar a cabo acciones administrativas en nombre de un admi... • https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf • CWE-284: Improper Access Control •
CVSS: 9.4EPSS: 0%CPEs: 32EXPL: 0CVE-2021-27442 – Weintek EasyWeb cMT Cross-site Scripting
https://notcve.org/view.php?id=CVE-2021-27442
16 May 2022 — The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code. La línea de productos Weintek cMT es vulnerable a una vulnerabilidad de tipo Cross-site scripting, que podría permitir a un atacante remoto no autenticado inyectar código JavaScript malicioso • https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •