CVE-2024-55023
Hardcoded Encryption Key in Weintek cMT-3072XH2 Enables Data Exposure
Publication date: 2026-03-03
Last updated on: 2026-03-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| weintek | easyweb | 2.1.53 |
| weintek | cmt-3072xh2_firmware | 20231011 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011, involves a hardcoded encryption key. This means that the encryption key used by the system is embedded directly in the software and cannot be changed by users.
Because the key is hardcoded, attackers who discover it can use it to decrypt sensitive information that the device protects or transmits.
How can this vulnerability impact me? :
This vulnerability can allow attackers to access sensitive information by exploiting the hardcoded encryption key. Since the key is fixed and known once discovered, attackers can decrypt data that should be protected.
The CVSS score of 5.3 indicates a medium severity impact, with the vulnerability exploitable remotely without privileges or user interaction, potentially leading to confidentiality loss.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know