
CVE-2024-55021

Severity: High · RCE

Published: 03 March 2026
Modified: 09 March 2026
KEV Added: not listed
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0005 (15.9th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-55021 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Weintek Easyweb. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). Its EPSS score ranks at the 15.9th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2024-55021 is a vulnerability in Weintek cMT-3072XH2 devices running easyweb v2.1.53 and OS v20231011, involving a hardcoded password within the FTP protocol. This issue, published on 2026-03-03, is associated with CWE-798 (use of hard-coded credentials) and CWE-78 (improper neutralization of special elements used in an OS command), earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

The vulnerability is exploitable remotely over the network with low attack complexity, requiring no privileges, no user interaction, and no scope change. Successful exploitation has a high confidentiality impact: the hardcoded password grants unauthorized access to sensitive data through the device's FTP service.

Advisories providing further details, including potential mitigation guidance, are available at https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de and https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4.


Vulnerability details

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.

CWE(s)

CWE-798 (Use of Hard-coded Credentials), CWE-78 (Improper Neutralization of Special Elements used in an OS Command)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1078 Valid Accounts (Stealth): Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1133 External Remote Services (Persistence): Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

Why these techniques?

Hardcoded FTP credentials directly enable remote access to the device using valid accounts over an exposed external service (FTP), granting unauthorized data access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-55020 (same product: Weintek cMT-3072XH2)
CVE-2024-55027 (same product: Weintek cMT-3072XH2)
CVE-2024-55026 (same product: Weintek cMT-3072XH2)
CVE-2024-55024 (same product: Weintek cMT-3072XH2)
CVE-2024-55019 (same product: Weintek cMT-3072XH2)
CVE-2024-55022 (same product: Weintek cMT-3072XH2)
CVE-2024-48126 (shared CWE-798)
CVE-2026-28255 (shared CWE-798)
CVE-2024-57811 (shared CWE-798)
CVE-2020-37092 (shared CWE-798)

Affected Assets

Vendor: weintek · Product: easyweb · Version: 2.1.53
Vendor: weintek · Product: cmt-3072xh2 firmware · Version: 20231011

Mitigating Controls (NIST 800-53 r5, AI)

IA-5 Authenticator Management (prevent): Directly addresses hardcoded credentials by requiring organizations to manage, protect, and change default authenticators used in services like FTP.

CM-7 Least Functionality (prevent): Prohibits or restricts unnecessary functions such as the FTP service, eliminating exposure of the hardcoded password.

Boundary protection (prevent; control ID not given on this page): Monitors and controls communications at system boundaries to block network access to the FTP port, preventing remote exploitation.
