CVE-2021-27446

high-risk

Published 2022-05-16

The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.

Do I need to act?

0.28% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 10.0/10 Critical

NETWORK / LOW complexity

Affected Products (16)

Cmt-Svr-100 Firmware

Cmt-Svr-102 Firmware

Cmt-Svr-200 Firmware

Cmt-Svr-202 Firmware

Cmt-G01 Firmware

Cmt-G02 Firmware

Cmt-G03 Firmware

Cmt-G04 Firmware

Cmt3071 Firmware

Cmt3072 Firmware

Cmt3090 Firmware

Cmt3103 Firmware

Cmt3151 Firmware

Cmt-Hdm Firmware

Cmt-Fhd Firmware

Cmt-Ctrl01 Firmware

Affected Vendors

Weintek

References (4)

Mitigation https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Iss...

Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01

Mitigation https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Iss...

Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01

/ 100

high-risk

Severity 33/34 · Critical

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate