1. Home
  2. CVE Database
  3. CVE-2021-27442
CRITICAL · 9.4

CVE-2021-27442

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

Vulnerability Description

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

CVSS Score

9.4

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
LOW

Affected Products

VendorProductVersions
WeintekCmt-Svr-100 Firmware< 20210305
WeintekCmt-Svr-100-
WeintekCmt-Svr-102 Firmware< 20210305
WeintekCmt-Svr-102-
WeintekCmt-Svr-200 Firmware< 20210305
WeintekCmt-Svr-200-
WeintekCmt-Svr-202 Firmware< 20210305
WeintekCmt-Svr-202-
WeintekCmt-G01 Firmware< 20210209
WeintekCmt-G01-
WeintekCmt-G02 Firmware< 20210209
WeintekCmt-G02-
WeintekCmt-G03 Firmware< 20210222
WeintekCmt-G03-
WeintekCmt-G04 Firmware< 20210222
WeintekCmt-G04-
WeintekCmt3071 Firmware< 20210218
WeintekCmt3071-
WeintekCmt3072 Firmware< 20210218
WeintekCmt3072-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2021-27442?

CVE-2021-27442 is a vulnerability with a CVSS score of 9.4 (CRITICAL). The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

How severe is CVE-2021-27442?

CVE-2021-27442 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-27442?

Check the references section above for vendor advisories and patch information. Affected products include: Weintek Cmt-Svr-100 Firmware, Weintek Cmt-Svr-100, Weintek Cmt-Svr-102 Firmware, Weintek Cmt-Svr-102, Weintek Cmt-Svr-200 Firmware.