Weintek cMT-3072XH2 Command Injection Vulnerability in reset_pj.cgi Endpoint

Vulnerability

A command injection vulnerability has been identified in the Weintek cMT-3072XH2 HMI device, specifically in the reset_pj.cgi endpoint of the easyweb version 2.1.53, running on the operating system version 20231011. This vulnerability allows unauthorized attackers to execute arbitrary commands by sending a crafted GET request. The issue arises from insufficient authorization checks, enabling non-administrative users to manipulate parameters and trigger sensitive system control functions, such as stopping or restarting projects and altering the system state.

Impact

Exploitation of this vulnerability allows for unauthorized execution of commands on the affected system, with the potential to disrupt ongoing projects and manipulate the HMI's system state. This could lead to a broader compromise of the industrial processes controlled by the HMI.

Added: Mar 3, 2026, 8:35 PM

Updated: Mar 3, 2026, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Weintek cMT-3072XH2 Command Injection Vulnerability in reset_pj.cgi Endpoint

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating