CVE-2024-55020
Published: 03 March 2026
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2024-55020 is a command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyWeb Web Version v2.1.53 running on OS v20231011. It allows attackers to execute arbitrary commands with root privileges. The vulnerability is associated with CWE-20 (Improper Input Validation) and CWE-78 (OS Command Injection) and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and lack of prerequisites.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants root-level command execution on the affected device, potentially enabling full system compromise, data exfiltration, persistence, or further lateral movement within industrial control system environments where Weintek cMT-3072XH2 HMIs are deployed.
Mitigation details are available in the referenced advisories, including the GitHub Gist at https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de and the Notion page at https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4. Security practitioners should consult these sources for patching instructions or workarounds specific to the affected versions.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated command injection vulnerability in public-facing web application (easyWeb Web) enables remote exploitation for arbitrary root command execution, directly facilitating T1190 (Exploit Public-Facing Application) and T1059.004 (Unix Shell).