Vulnerabilities > CVE-2023-38584 - Out-of-bounds Write vulnerability in Weintek products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

weintek

CWE-787

critical

NVD

Published: 2023-10-19

Updated: 2023-10-26

Summary

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

Vulnerable Configurations

Part	Description	Count
OS	Weintek Weintek CMT FHD Firmware - Weintek CMT FHD Firmware 20210208 Weintek CMT HDM Firmware - Weintek CMT HDM Firmware 20210204 Weintek Cmt3071 Firmware - Weintek Cmt3071 Firmware 20210218 Weintek Cmt3072 Firmware - Weintek Cmt3072 Firmware 20210218 Weintek Cmt3090 Firmware - Weintek Cmt3090 Firmware 20210218 Weintek Cmt3103 Firmware - Weintek Cmt3103 Firmware 20210218 Weintek Cmt3151 Firmware - Weintek Cmt3151 Firmware 20210218	14
Hardware	Weintek Weintek CMT FHD - Weintek CMT HDM - Weintek Cmt3071 - Weintek Cmt3072 - Weintek Cmt3090 - Weintek Cmt3103 - Weintek Cmt3151 -	7

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References