CVE-2021-27442

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf	Mitigation Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:weintek:cmt-svr-100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-svr-100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:weintek:cmt-svr-102_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-svr-102:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:weintek:cmt-svr-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-svr-200:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:weintek:cmt-svr-202_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-svr-202:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:weintek:cmt-g01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-g01:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:weintek:cmt-g02_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-g02:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:weintek:cmt-g03_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-g03:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:weintek:cmt-g04_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-g04:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:weintek:cmt-ctrl01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-ctrl01:-:*:*:*:*:*:*:*

History

25 May 2022, 16:22

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.3 v3 : 6.1
CPE		cpe:2.3:o:weintek:cmt-g01_firmware:::::::: cpe:2.3:o:weintek:cmt3103_firmware:::::::: cpe:2.3:h:weintek:cmt3090:-:::::::* cpe:2.3:h:weintek:cmt3072:-:::::::* cpe:2.3:h:weintek:cmt-g01:-:::::::* cpe:2.3:o:weintek:cmt3151_firmware:::::::: cpe:2.3:o:weintek:cmt-svr-100_firmware:::::::: cpe:2.3:o:weintek:cmt3072_firmware:::::::: cpe:2.3:h:weintek:cmt-svr-200:-:::::::* cpe:2.3:o:weintek:cmt-svr-202_firmware:::::::: cpe:2.3:h:weintek:cmt3151:-:::::::* cpe:2.3:o:weintek:cmt-svr-102_firmware:::::::: cpe:2.3:h:weintek:cmt-g03:-:::::::* cpe:2.3:h:weintek:cmt-svr-102:-:::::::* cpe:2.3:o:weintek:cmt-g03_firmware:::::::: cpe:2.3:o:weintek:cmt-fhd_firmware:::::::: cpe:2.3:o:weintek:cmt-g02_firmware:::::::: cpe:2.3:h:weintek:cmt-svr-100:-:::::::* cpe:2.3:o:weintek:cmt3090_firmware:::::::: cpe:2.3:o:weintek:cmt-hdm_firmware:::::::: cpe:2.3:h:weintek:cmt3071:-:::::::* cpe:2.3:h:weintek:cmt-g04:-:::::::* cpe:2.3:h:weintek:cmt3103:-:::::::* cpe:2.3:h:weintek:cmt-fhd:-:::::::* cpe:2.3:o:weintek:cmt-ctrl01_firmware:::::::: cpe:2.3:h:weintek:cmt-ctrl01:-:::::::* cpe:2.3:o:weintek:cmt-svr-200_firmware:::::::: cpe:2.3:h:weintek:cmt-g02:-:::::::* cpe:2.3:o:weintek:cmt3071_firmware:::::::: cpe:2.3:h:weintek:cmt-hdm:-:::::::* cpe:2.3:h:weintek:cmt-svr-202:-:::::::* cpe:2.3:o:weintek:cmt-g04_firmware::::::::
First Time		Weintek cmt-fhd Firmware Weintek cmt-g02 Firmware Weintek cmt-hdm Firmware Weintek cmt-g02 Weintek cmt-g03 Firmware Weintek cmt-ctrl01 Weintek cmt-svr-102 Firmware Weintek cmt-svr-100 Firmware Weintek cmt-fhd Weintek cmt-g03 Weintek cmt3151 Firmware Weintek cmt3071 Weintek cmt-ctrl01 Firmware Weintek cmt-g04 Firmware Weintek cmt3090 Weintek cmt-g01 Firmware Weintek cmt-g01 Weintek cmt3072 Firmware Weintek cmt3072 Weintek cmt3090 Firmware Weintek cmt-svr-200 Firmware Weintek cmt-svr-202 Firmware Weintek cmt-g04 Weintek cmt-hdm Weintek cmt3151 Weintek cmt-svr-102 Weintek cmt3103 Firmware Weintek cmt-svr-100 Weintek Weintek cmt3071 Firmware Weintek cmt-svr-200 Weintek cmt-svr-202 Weintek cmt3103
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 - Third Party Advisory, US Government Resource
References	~~(CONFIRM) https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf -~~	(CONFIRM) https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf - Mitigation, Vendor Advisory

16 May 2022, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-16 18:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-27442

Mitre link : CVE-2021-27442

CVE.ORG link : CVE-2021-27442

JSON object : View

Products Affected

weintek

cmt-g01
cmt3151
cmt-svr-100_firmware
cmt-fhd
cmt-svr-202_firmware
cmt-hdm_firmware
cmt-svr-102
cmt-g04
cmt-g02_firmware
cmt3090
cmt-g02
cmt3071
cmt-ctrl01
cmt3151_firmware
cmt3072
cmt-svr-100
cmt3072_firmware
cmt-svr-102_firmware
cmt3103_firmware
cmt-g03_firmware
cmt-hdm
cmt-svr-200
cmt-ctrl01_firmware
cmt-svr-202
cmt-g03
cmt-g01_firmware
cmt3103
cmt3071_firmware
cmt3090_firmware
cmt-fhd_firmware
cmt-svr-200_firmware
cmt-g04_firmware

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-27442

6.1^/10

4.3^/10

Attach tags to `CVE-2021-27442`