CVE-2024-55026 in cMT-3072XH2 easyweb
Summary
by MITRE • 03/03/2026
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 03/04/2026
The vulnerability identified as CVE-2024-55026 resides within the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb version 2.1.53 running on OS version 20231011. This represents a critical security flaw that exposes industrial control systems to remote code execution attacks. The affected device operates as a programmable logic controller with web interface capabilities, commonly deployed in manufacturing and industrial automation environments where operational technology security is paramount.
The technical implementation of this vulnerability stems from inadequate input validation and authentication mechanisms within the reset_pj.cgi script. When an attacker submits a crafted GET request to the endpoint, the system fails to properly sanitize user-supplied parameters before processing them. This lack of proper input validation creates a path for command injection attacks, allowing malicious actors to execute arbitrary system commands with the privileges of the web application. The vulnerability manifests as a classic command injection flaw, which can be categorized under CWE-77 and mapped to ATT&CK technique T1059.001 for command and script injection.
The operational impact of this vulnerability extends beyond simple unauthorized access, as it enables attackers to gain full control over the industrial control system. An attacker could potentially manipulate production processes, alter critical parameters, or even cause physical damage to equipment through the execution of malicious commands. The exposed web interface provides an accessible attack surface that can be leveraged from external networks, making industrial environments particularly vulnerable. This vulnerability directly impacts the integrity and availability of industrial control systems, potentially leading to production downtime, safety hazards, and regulatory compliance violations.
Mitigation strategies for CVE-2024-55026 should include immediate patching of the affected Weintek cMT-3072XH2 devices with the vendor-provided security update. Network segmentation should be implemented to isolate industrial control systems from general network access, utilizing firewalls and access control lists to restrict traffic to the vulnerable endpoint. Additional security measures include disabling unnecessary web services, implementing strong authentication mechanisms, and conducting regular security audits of industrial control system components. Organizations should also consider implementing intrusion detection systems to monitor for suspicious network activity targeting industrial control system interfaces. The vulnerability highlights the importance of securing operational technology environments and demonstrates the critical need for regular security assessments of industrial control system components to prevent similar exposures in the future.