CVE-2023-38584

Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow

Description

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

Remediation

Solution:

  • Weintek recommends users follow their Upgrade Instructions (https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf) to update the following products to the latest versions:
      * cMT-FHD: OS version 20210211
      * cMT-HDM: OS version 20210205
      * cMT3071: OS version 20210219
      * cMT3072: OS version 20210219
      * cMT3103: OS version 20210219
      * cMT3090: OS version 20210219
      * cMT3151: OS version 20210219
  • For additional information, refer to Weintek's security bulletin: https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf

CVSS 3.1 score: 9.8
Severity: Critical
EPSS: 0.06%
Vendor Advisory weintek.com
Affected: Weintek cMT-FHD
Affected: Weintek cMT-HDM
Affected: Weintek cMT3071
Affected: Weintek cMT3072
Affected: Weintek cMT3103
Affected: Weintek cMT3090
Affected: Weintek cMT3151

Frequently Asked Questions

What is the severity of CVE-2023-38584?
CVE-2023-38584 has been scored as a critical severity vulnerability.
How to fix CVE-2023-38584?
To fix CVE-2023-38584: Weintek recommends users follow their Upgrade Instructions (https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf) to update the following products to the latest versions:
  * cMT-FHD: OS version 20210211
  * cMT-HDM: OS version 20210205
  * cMT3071: OS version 20210219
  * cMT3072: OS version 20210219
  * cMT3103: OS version 20210219
  * cMT3090: OS version 20210219
  * cMT3151: OS version 20210219
For additional information, refer to Weintek's security bulletin: https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf
Is CVE-2023-38584 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2023-38584 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-38584?
CVE-2023-38584 affects Weintek cMT-FHD, Weintek cMT-HDM, Weintek cMT3071, Weintek cMT3072, Weintek cMT3103, Weintek cMT3090, Weintek cMT3151.