Cyber Resilience

CVE-2024-55020

CriticalRCE

Published: 03 March 2026

Published
03 March 2026
Modified
04 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0167 73.7th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2024-55020 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Weintek Easyweb. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 26.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-55020 is a command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyWeb Web Version v2.1.53 running on OS v20231011. It allows attackers to execute arbitrary commands with root privileges. The vulnerability is associated with CWE-20 (Improper Input Validation) and CWE-78 (OS Command Injection) and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and lack of prerequisites.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants root-level command execution on the affected device, potentially enabling full system compromise, data exfiltration, persistence, or further lateral movement within industrial control system environments where Weintek cMT-3072XH2 HMIs are deployed.

Mitigation details are available in the referenced advisories, including the GitHub Gist at https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de and the Notion page at https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4. Security practitioners should consult these sources for patching instructions or workarounds specific to the affected versions.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Unauthenticated command injection vulnerability in public-facing web application (easyWeb Web) enables remote exploitation for arbitrary root command execution, directly facilitating T1190 (Exploit Public-Facing Application) and T1059.004 (Unix Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-55026Same product: Weintek Cmt-3072Xh2
CVE-2024-55024Same product: Weintek Cmt-3072Xh2
CVE-2024-55019Same product: Weintek Cmt-3072Xh2
CVE-2024-55021Same product: Weintek Cmt-3072Xh2
CVE-2024-55022Same product: Weintek Cmt-3072Xh2
CVE-2024-55027Same product: Weintek Cmt-3072Xh2
CVE-2026-24893Shared CWE-20, CWE-78
CVE-2024-56132Shared CWE-20, CWE-78
CVE-2018-25115Shared CWE-78
CVE-2024-57016Shared CWE-78

Affected Assets

weintek
easyweb
2.1.53
weintek
cmt-3072xh2 firmware
20231011

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly counters the improper input validation (CWE-20) enabling OS command injection (CWE-78) in the DHCP activation feature.

prevent

Ensures timely remediation and patching of the specific command injection vulnerability to eliminate root privilege exploitation.

prevent

Restricts malicious inputs at system boundaries to block command injection attempts on the unauthenticated web interface.

References