CVE-2021-27444 — CRITICAL (9.8)

Q: How severe is CVE-2021-27444?

CVE-2021-27444 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-27444?

Check the references section above for vendor advisories and patch information. Affected products include: Weintek Cmt-Svr-100 Firmware, Weintek Cmt-Svr-100, Weintek Cmt-Svr-102 Firmware, Weintek Cmt-Svr-102, Weintek Cmt-Svr-200 Firmware.

Vulnerability Description

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Weintek	Cmt-Svr-100 Firmware	< 20210305
Weintek	Cmt-Svr-100	-
Weintek	Cmt-Svr-102 Firmware	< 20210305
Weintek	Cmt-Svr-102	-
Weintek	Cmt-Svr-200 Firmware	< 20210305
Weintek	Cmt-Svr-200	-
Weintek	Cmt-Svr-202 Firmware	< 20210305
Weintek	Cmt-Svr-202	-
Weintek	Cmt-G01 Firmware	< 20210209
Weintek	Cmt-G01	-
Weintek	Cmt-G02 Firmware	< 20210209
Weintek	Cmt-G02	-
Weintek	Cmt-G03 Firmware	< 20210222
Weintek	Cmt-G03	-
Weintek	Cmt-G04 Firmware	< 20210222
Weintek	Cmt-G04	-
Weintek	Cmt3071 Firmware	< 20210218
Weintek	Cmt3071	-
Weintek	Cmt3072 Firmware	< 20210218
Weintek	Cmt3072	-

Related Weaknesses (CWE)

CWE-284

References

https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_IssMitigationVendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01Third Party AdvisoryUS Government Resource
https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_IssMitigationVendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2021-27444?

CVE-2021-27444 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administra...

How severe is CVE-2021-27444?

CVE-2021-27444 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-27444?

Check the references section above for vendor advisories and patch information. Affected products include: Weintek Cmt-Svr-100 Firmware, Weintek Cmt-Svr-100, Weintek Cmt-Svr-102 Firmware, Weintek Cmt-Svr-102, Weintek Cmt-Svr-200 Firmware.