Cyber Posture

CVE-2024-55022

High · RCE

Published: 03 March 2026
Modified: 09 March 2026
KEV Added: not listed
Patch: no patch reference recorded
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0035 (57.7th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-55022 is a high-severity vulnerability in Weintek easyweb, recorded under CWE-94 (Code Injection). Note that the NVD description characterises it as an authenticated OS command injection, which would more precisely map to CWE-77/CWE-78; the CWE recorded here is CWE-94. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS percentile (57.7th) places it in the top 42.3% of CVEs by estimated exploit likelihood, although the absolute 30-day exploitation probability is low (0.35%). It is not currently listed in the CISA KEV catalog.

The strongest mitigations identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation). Because the attacker must already hold a valid easyweb account (PR:L), credential hygiene on the HMI's web interface (no default or shared credentials, no unnecessary accounts) also reduces exposure.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) for access and Command and Scripting Interpreter (T1059) for execution of the injected commands. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

SI-10 Information Input Validation (prevent): directly addresses the flaw by requiring that untrusted inputs such as the HMI Name parameter be validated against an allowlist of expected characters and length before they are used, so that values carrying shell metacharacters are rejected rather than passed to a command.

SI-2 Flaw Remediation (prevent): requires timely identification, reporting, and patching of the command injection flaw in easyweb v2.1.53. This page records no patch reference, so the fixed version must be confirmed against Weintek's own advisories before treating the device as remediated.

AC-6 Least Privilege (prevent): limits the blast radius rather than the flaw itself. Injected commands execute with the privileges of the easyweb process on the device, so running that service without root-level rights bounds what an attacker can do; restricting which accounts can reach the HMI Name setting at all reduces who can trigger it.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution): adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

The vulnerable HMI Name parameter is reachable through easyweb's web interface, so an attacker who can reach that interface and holds a valid low-privilege account can exploit it as a public-facing application (T1190); the injected payload is then interpreted by the device's command shell, giving arbitrary remote command execution (T1059). Where the HMI is not exposed to the Internet, the same chain still applies from any network position with access to the web interface.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
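The two sides of this chain, the input-validation control SI-10 described above and the command-shell execution it is meant to stop, are illustrated by the following added example. It is not Weintek's code and does not reproduce easyweb's handler: the `hostname` command, the `hmi_name` form field, and all function names are hypothetical stand-ins for whatever easyweb does with the HMI Name value. The block shows the vulnerable pattern (untrusted value concatenated into a shell command line), the hardened form (allowlist validation plus an argv list so no shell parses the value), and a small scan over constructed request bodies that flags values carrying shell metacharacters, the kind of check a defender can run over captured POSTs to the HMI.

```python
import re
from urllib.parse import parse_qs

# Characters that make a shell treat a value as more than one word or
# command: separators, pipes, command substitution, redirection, quoting,
# and newlines.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\"'\n\r]")

# Allowlist for a hostname-like HMI name: alphanumerics and hyphens,
# no leading hyphen (so the value cannot be read as an option), at most
# 63 characters. The real constraints easyweb applies are not on the page;
# this is an assumed, deliberately strict policy.
VALID_HMI_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,62}")


def vulnerable_command(name: str) -> str:
    """Illustrative vulnerable pattern (hypothetical, not Weintek's code):
    the untrusted HMI name is concatenated into a shell command line that
    would later be handed to os.system() or 'sh -c'. Returned, not run."""
    return "hostname " + name


def is_safe_hmi_name(name: str) -> bool:
    """True only if the whole value matches the allowlist."""
    return VALID_HMI_NAME.fullmatch(name) is not None


def build_argv(name: str) -> list:
    """Hardened form: reject anything outside the allowlist, then build an
    argv list so the value reaches the program as one argument and no
    shell ever parses it (to be run as subprocess.run(argv), shell=False)."""
    if not is_safe_hmi_name(name):
        raise ValueError("rejected HMI name: %r" % name)
    return ["hostname", name]


def find_injection_attempts(form_bodies, field="hmi_name"):
    """Scan application/x-www-form-urlencoded request bodies and return the
    decoded values of `field` that carry shell metacharacters. `field` is a
    hypothetical form name; the real parameter name is not on the page."""
    hits = []
    for body in form_bodies:
        for value in parse_qs(body, keep_blank_values=True).get(field, []):
            if SHELL_META.search(value):
                hits.append(value)
    return hits


# Constructed sample request bodies (not real captures): one legitimate
# rename followed by three injection attempts, percent-encoded the way a
# browser or curl would send them.
SAMPLE_BODIES = [
    "hmi_name=Line3-HMI&save=1",
    "hmi_name=hmi%3Bid&save=1",                  # hmi;id
    "hmi_name=hmi%24%28cat+%2Fetc%2Fpasswd%29",  # hmi$(cat /etc/passwd)
    "hmi_name=hmi%60reboot%60&save=1",           # hmi`reboot`
]

if __name__ == "__main__":
    print("vulnerable command line:", vulnerable_command("hmi;id"))
    print("hardened argv:", build_argv("Line3-HMI"))
    for hit in find_injection_attempts(SAMPLE_BODIES):
        print("injection attempt:", hit)
```

The allowlist, not the metacharacter blocklist, is the control that SI-10 calls for: the blocklist is useful for hunting in captured traffic, but a hardened handler should only ever accept the narrow set of characters a device name legitimately needs and should never hand the value to a shell, whatever it contains.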

NVD Description

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.

Deeper analysis [AI]

CVE-2024-55022 is an authenticated command injection vulnerability (recorded as CWE-94) affecting Weintek cMT-3072XH2 devices running easyweb v2.1.53 on OS v20231011. The HMI Name parameter is not adequately validated before the device uses it, so a value containing shell metacharacters causes additional, attacker-chosen commands to run on the HMI. Published on 2026-03-03, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without user interaction (UI:N). Successful exploitation has high impact on confidentiality (C:H), integrity (I:H), and availability (A:H) of the device. The scope is scored as unchanged (S:U), meaning the impact is assessed against the HMI itself; in practice an HMI commonly sits on or bridges to the control network, so its network position should be treated as an aggravating factor when prioritising.

The references recorded for this CVE are https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de and https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4. No vendor advisory or patch reference is recorded on this page.

Details

CWE(s): CWE-94 (Code Injection)

Affected Products:
weintek easyweb 2.1.53
weintek cmt-3072xh2 firmware 20231011

CVEs Like This One

CVE-2024-55024 (same product: Weintek cMT-3072XH2)
CVE-2024-55026 (same product: Weintek cMT-3072XH2)
CVE-2024-55020 (same product: Weintek cMT-3072XH2)
CVE-2024-55019 (same product: Weintek cMT-3072XH2)
CVE-2024-55021 (same product: Weintek cMT-3072XH2)
CVE-2024-55027 (same product: Weintek cMT-3072XH2)
CVE-2026-26045 (shared CWE-94)
CVE-2025-67979 (shared CWE-94)
CVE-2024-51941 (shared CWE-94)
CVE-2024-11600 (shared CWE-94)