CVE-2024-55020
Command Injection in Weintek cMT-3072XH2 DHCP Allows Root Access
Publication date: 2026-03-03
Last updated on: 2026-03-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| weintek | easyweb | 2.1.53 |
| weintek | cmt-3072xh2_firmware | 20231011 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-55020 is a critical command injection vulnerability found in the DHCP activation feature of Weintek cMT-3072XH2 devices running easyweb Web Version v2.1.53 and OS version 20231011.
This vulnerability occurs due to improper input validation in the HMI name configuration field, allowing attackers to inject arbitrary system commands.
These injected commands are executed with root privileges, especially after the system reboots, enabling attackers to gain privileged command execution on the device.
How can this vulnerability impact me? :
This vulnerability allows attackers to execute arbitrary commands with root privileges on affected Weintek devices.
As a result, attackers can gain unauthorized access, take control over the device, and potentially manipulate or disrupt industrial processes controlled by these devices.
Such control could lead to operational disruptions, data compromise, or further network penetration.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a command injection via the HMI name configuration field on Weintek cMT-3072XH2 devices running OS version 20231011 and easyweb V2.1.53.
To detect this vulnerability on your system, you can check the HMI name configuration for suspicious or unexpected command injection patterns.
Since the vulnerability executes commands with root privileges after reboot, monitoring for unusual system behavior or unexpected commands executed on reboot can also help detection.
Specific commands to detect the vulnerability are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The available information does not provide explicit mitigation steps.
However, general best practices for command injection vulnerabilities include avoiding untrusted input in configuration fields, applying vendor patches or updates, and restricting device access.