Weintek cMT-3072XH2 Unauthenticated File Download Vulnerability
Vulnerability
A vulnerability allowing unauthenticated users to download arbitrary files has been identified in the Weintek cMT-3072XH2 HMI device, running easyweb Web Version 2.1.53 and OS Version 20231011. The issue arises from incorrect access control in the download_wb.cgi component, which allows unauthorized file downloads by failing to properly validate user-supplied parameters, thereby enabling access to unintended file paths.
Impact
Exploitation of this vulnerability allows for unauthorized file downloads, which could lead to the exposure of sensitive information or system data.
Added: Mar 3, 2026, 8:38 PM
Updated: Mar 3, 2026, 10:23 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 3.4
threat: 0.0
urgency: 2.9
incentive: 0.0
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
