Cyber Resilience

CVE-2024-55027

High

Published: 03 March 2026

Published
03 March 2026
Modified
04 March 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0001 1.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55027 is a high-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Weintek Easyweb. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 1.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2024-55027 affects Weintek cMT-3072XH2 devices running easyweb v2.1.53 and OS v20231011. The vulnerability involves the storage of credentials in plaintext within the uac_temp.db component, as identified by CWEs-312 (Cleartext Storage of Sensitive Information) and CWE-798 (Use of Hard-coded Credentials). It has a CVSS v3.1 base score of 7.5, reflecting high confidentiality impact with network accessibility, low attack complexity, no privileges or user interaction required, and unchanged scope.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation allows attackers to access the uac_temp.db component and extract sensitive credentials stored in plaintext, potentially enabling further unauthorized access to the device or related systems.

Advisories detailing the issue are available at https://gist.github.com/AenganZ/f86ed0da28825a1432ec697f484622de and https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4. The CVE was published on 2026-03-03T20:16:41.893.

EU & UK References

Vulnerability details

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Vulnerability is cleartext credential storage in a file (uac_temp.db), directly enabling T1552.001 for credential access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-55021Same product: Weintek Cmt-3072Xh2
CVE-2024-55024Same product: Weintek Cmt-3072Xh2
CVE-2024-55020Same product: Weintek Cmt-3072Xh2
CVE-2024-55026Same product: Weintek Cmt-3072Xh2
CVE-2024-55022Same product: Weintek Cmt-3072Xh2
CVE-2024-55019Same product: Weintek Cmt-3072Xh2
CVE-2025-12774Shared CWE-312
CVE-2025-55263Shared CWE-798
CVE-2025-26495Shared CWE-312
CVE-2025-22896Shared CWE-312

Affected Assets

weintek
easyweb
2.1.53
weintek
cmt-3072xh2 firmware
20231011

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires cryptographic or equivalent protection for sensitive information (credentials) stored at rest in uac_temp.db, eliminating the plaintext exposure described in CWE-312.

prevent

Mandates secure generation, storage, and protection of authenticators so they are never maintained in plaintext or hard-coded form as noted in CWE-798.

prevent

Enforces access control mechanisms that would restrict unauthenticated network retrieval of the credential database even if plaintext storage occurs.

References