CVE-2021-27446

Name: CVE-2021-27446
Creator: NVD / NIST
Published: 2022-05-16T18:15:08.167+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 2.64%

Last modified Jun 17, 2026

CVE-2021-27446 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.. EPSS estimates a 2.64% chance of exploitation in the next 30 days.

Description

The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.64%

83.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Weintek	Cmt-Svr-100 Firmware	< 20210305
Weintek	Cmt-Svr-102 Firmware	< 20210305
Weintek	Cmt-Svr-200 Firmware	< 20210305
Weintek	Cmt-Svr-202 Firmware	< 20210305
Weintek	Cmt-G01 Firmware	< 20210209
Weintek	Cmt-G02 Firmware	< 20210209
Weintek	Cmt-G03 Firmware	< 20210222
Weintek	Cmt-G04 Firmware	< 20210222
Weintek	Cmt3071 Firmware	< 20210218
Weintek	Cmt3072 Firmware	< 20210218
Weintek	Cmt3090 Firmware	< 20210218
Weintek	Cmt3103 Firmware	< 20210218
Weintek	Cmt3151 Firmware	< 20210218
Weintek	Cmt-Hdm Firmware	< 20210204
Weintek	Cmt-Fhd Firmware	< 20210208
Weintek	Cmt-Ctrl01 Firmware	< 20210302

References

https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdfMitigation, Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01Third Party Advisory, US Government Resource
https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdfMitigation, Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01Third Party Advisory, US Government Resource

Timeline

Published: May 16, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-27446?

The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.

How severe is CVE-2021-27446?

CVE-2021-27446 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.64% probability of exploitation in the next 30 days.

How do I fix CVE-2021-27446?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-27446?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST