The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00145.

Exploitation none

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Weintek cMT-SVR-1xx/2xx affected
Version Status Constraints
unspecified affected < 20210305
Weintek cMT-G01/G02 affected
Version Status Constraints
unspecified affected < 20210209
Weintek cMT-G03/G04 affected
Version Status Constraints
unspecified affected < 20210222
Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 affected
Version Status Constraints
unspecified affected < 20210218
Weintek cMT-HDM affected
Version Status Constraints
unspecified affected < 20210204
Weintek cMT-FHD affected
Version Status Constraints
unspecified affected < 20210208
Weintek cMT-CTRL01 affected
Version Status Constraints
unspecified affected < 20210302

Configuration 1 [-]

AND
cpe:2.3:o:weintek:cmt-svr-100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-svr-100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:weintek:cmt-svr-102_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-svr-102:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:weintek:cmt-svr-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-svr-200:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:weintek:cmt-svr-202_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-svr-202:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:weintek:cmt-g01_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-g01:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:weintek:cmt-g02_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-g02:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:weintek:cmt-g03_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-g03:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:weintek:cmt-g04_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-g04:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:weintek:cmt-ctrl01_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:weintek:cmt-ctrl01:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Weintek Subscribe
Cmt-ctrl01 Subscribe
Cmt-ctrl01 Firmware Subscribe
Cmt-fhd Subscribe
Cmt-fhd Firmware Subscribe
Cmt-g01 Subscribe
Cmt-g01 Firmware Subscribe
Cmt-g02 Subscribe
Cmt-g02 Firmware Subscribe
Cmt-g03 Subscribe
Cmt-g03 Firmware Subscribe
Cmt-g04 Subscribe
Cmt-g04 Firmware Subscribe
Cmt-hdm Subscribe
Cmt-hdm Firmware Subscribe
Cmt-svr-100 Subscribe
Cmt-svr-100 Firmware Subscribe
Cmt-svr-102 Subscribe
Cmt-svr-102 Firmware Subscribe
Cmt-svr-200 Subscribe
Cmt-svr-200 Firmware Subscribe
Cmt-svr-202 Subscribe
Cmt-svr-202 Firmware Subscribe
Cmt3071 Subscribe
Cmt3071 Firmware Subscribe
Cmt3072 Subscribe
Cmt3072 Firmware Subscribe
Cmt3090 Subscribe
Cmt3090 Firmware Subscribe
Cmt3103 Subscribe
Cmt3103 Firmware Subscribe
Cmt3151 Subscribe
Cmt3151 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2021-14196 The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
Fixes

Solution

Weintek has released OS upgrades for the affected products. Refer to Weintek’s Technical Notice regarding these vulnerabilities. https://www.weintek.com/globalw/Download/Download.aspx https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf

Workaround

No workaround given by the vendor.

References
Link Providers
https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf cve-icon cve-icon
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01 cve-icon cve-icon
History

Wed, 16 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-04-16T16:21:32.645Z

Reserved: 2021-02-19T00:00:00.000Z

Link: CVE-2021-27442

cve-icon Vulnrichment

Updated: 2024-08-03T20:48:17.243Z

cve-icon NVD

Status : Modified

Published: 2022-05-16T18:15:08.043

Modified: 2024-11-21T05:57:59.820

Link: CVE-2021-27442

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses