exploitDog

CVE-2023-50466

Опубликовано: 19 дек. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter.

Ссылки

https://literate-bakery-10b.notion.site/Weintek-EasyWeb-cMT-Reports-3fc0b10798b54f51a61d719395c408da?pvs=4
Third Party Advisory
https://literate-bakery-10b.notion.site/Weintek-EasyWeb-cMT-Reports-3fc0b10798b54f51a61d719395c408da?pvs=4
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:weintek:cmt2078x_firmware:2.1.3:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt2078x:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00338

Низкий

8.8 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-qpgx-5qh6-3h4v

CVSS3: 8.8

github

около 2 лет назад

An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter.

EPSS

Процентиль: 56%

0.00338

Низкий

8.8 High

CVSS3

Дефекты

CWE-78