Security Vulnerabilities
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2026-03-03
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-03
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform administrative actions using service accounts.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-03
Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-03-03
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands by supplying a crafted GET request.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-03
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uac_temp.db.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-03
Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-03
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-03-03
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-03-03
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-03

