CVE-2021-27442

high-risk

Published 2022-05-16

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

Do I need to act?

0.14% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.4/10 Critical

NETWORK / LOW complexity

Affected Products (16)

Cmt-Svr-100 Firmware

Cmt-Svr-102 Firmware

Cmt-Svr-200 Firmware

Cmt-Svr-202 Firmware

Cmt-G01 Firmware

Cmt-G02 Firmware

Cmt-G03 Firmware

Cmt-G04 Firmware

Cmt3071 Firmware

Cmt3072 Firmware

Cmt3090 Firmware

Cmt3103 Firmware

Cmt3151 Firmware

Cmt-Hdm Firmware

Cmt-Fhd Firmware

Cmt-Ctrl01 Firmware

Affected Vendors

Weintek

References (4)

Mitigation https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Iss...

Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01

Mitigation https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Iss...

Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate