OS Command Injection in Weintek products - CVE-2023-40145
Published: October 13, 2023
Vulnerability identifier: #VU81981
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-40145
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Weintek
Affected software:
cMT-FHD
cMT-HDM
cMT3071
cMT3072
cMT3103
cMT3090
cMT3151
cMT-FHD
cMT-HDM
cMT3071
cMT3072
cMT3103
cMT3090
cMT3151
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2023-40145
Install updates from vendor's website.