CVE-2021-27444

Name: CVE-2021-27444
Creator: NVD / NIST
Published: 2022-05-16T18:15:08.11+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.05%

Last modified Jun 17, 2026

CVE-2021-27444 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.. EPSS estimates a 1.05% chance of exploitation in the next 30 days.

Description

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.05%

60.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-284

Affected Software

Vendor	Product	Versions
Weintek	Cmt-Svr-100 Firmware	< 20210305
Weintek	Cmt-Svr-102 Firmware	< 20210305
Weintek	Cmt-Svr-200 Firmware	< 20210305
Weintek	Cmt-Svr-202 Firmware	< 20210305
Weintek	Cmt-G01 Firmware	< 20210209
Weintek	Cmt-G02 Firmware	< 20210209
Weintek	Cmt-G03 Firmware	< 20210222
Weintek	Cmt-G04 Firmware	< 20210222
Weintek	Cmt3071 Firmware	< 20210218
Weintek	Cmt3072 Firmware	< 20210218
Weintek	Cmt3090 Firmware	< 20210218
Weintek	Cmt3103 Firmware	< 20210218
Weintek	Cmt3151 Firmware	< 20210218
Weintek	Cmt-Hdm Firmware	< 20210204
Weintek	Cmt-Fhd Firmware	< 20210208
Weintek	Cmt-Ctrl01 Firmware	< 20210302

References

https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdfMitigation, Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01Third Party Advisory, US Government Resource
https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdfMitigation, Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01Third Party Advisory, US Government Resource

Timeline

Published: May 16, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-27444?

How severe is CVE-2021-27444?

CVE-2021-27444 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.05% probability of exploitation in the next 30 days.

How do I fix CVE-2021-27444?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-27444?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST