CVE-2024-55020
Published: 03 March 2026
Summary
CVE-2024-55020 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Weintek Easyweb. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly counters the improper input validation (CWE-20) enabling OS command injection (CWE-78) in the DHCP activation feature.
Ensures timely remediation and patching of the specific command injection vulnerability to eliminate root privilege exploitation.
Restricts malicious inputs at system boundaries to block command injection attempts on the unauthenticated web interface.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated command injection vulnerability in public-facing web application (easyWeb Web) enables remote exploitation for arbitrary root command execution, directly facilitating T1190 (Exploit Public-Facing Application) and T1059.004 (Unix Shell).
NVD Description
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.
Deeper analysisAI
CVE-2024-55020 is a command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyWeb Web Version v2.1.53 running on OS v20231011. It allows attackers to execute arbitrary commands with root privileges. The vulnerability is associated with CWE-20 (Improper Input Validation) and CWE-78 (OS Command Injection) and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and lack of prerequisites.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants root-level command execution on the affected device, potentially enabling full system compromise, data exfiltration, persistence, or further lateral movement within industrial control system environments where Weintek cMT-3072XH2 HMIs are deployed.
Mitigation details are available in the referenced advisories, including the GitHub Gist at https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de and the Notion page at https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4. Security practitioners should consult these sources for patching instructions or workarounds specific to the affected versions.
Details
- CWE(s)