Vulnerability Details CVE-2023-38584
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.1%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2023-38584
- cpe:2.3:h:weintek:cmt-fhd:-
- cpe:2.3:h:weintek:cmt-hdm:-
- cpe:2.3:h:weintek:cmt3071:-
- cpe:2.3:h:weintek:cmt3072:-
- cpe:2.3:h:weintek:cmt3090:-
- cpe:2.3:h:weintek:cmt3103:-
- cpe:2.3:h:weintek:cmt3151:-
- cpe:2.3:o:weintek:cmt-fhd_firmware:-
- cpe:2.3:o:weintek:cmt-fhd_firmware:20210208
- cpe:2.3:o:weintek:cmt-hdm_firmware:-
- cpe:2.3:o:weintek:cmt-hdm_firmware:20210204
- cpe:2.3:o:weintek:cmt3071_firmware:-
- cpe:2.3:o:weintek:cmt3071_firmware:20210218
- cpe:2.3:o:weintek:cmt3072_firmware:-
- cpe:2.3:o:weintek:cmt3072_firmware:20210218
- cpe:2.3:o:weintek:cmt3090_firmware:-
- cpe:2.3:o:weintek:cmt3090_firmware:20210218
- cpe:2.3:o:weintek:cmt3103_firmware:-
- cpe:2.3:o:weintek:cmt3103_firmware:20210218
- cpe:2.3:o:weintek:cmt3151_firmware:-
- cpe:2.3:o:weintek:cmt3151_firmware:20210218