CVE-2024-55019

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to download arbitrary files from Weintek cMT-3072XH2 HMI devices via the download_wb.cgi component. It affects devices running easyweb Web Version v2.1.53 with OS v20231011. Attackers can access sensitive files without authentication.

💻 Affected Systems

Products:
  • Weintek cMT-3072XH2
Versions: easyweb Web Version v2.1.53 with OS v20231011
Operating Systems: Weintek OS v20231011
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with the vulnerable web component enabled. Older versions may also be affected, but this has not been confirmed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise through extraction of configuration files, credentials, or sensitive operational data, leading to industrial process disruption or lateral movement into OT networks.

🟠 Likely Case

Exfiltration of configuration files containing network settings, device credentials, or PLC programming logic that could enable further attacks.

🟢 If Mitigated

Limited impact if the device is isolated behind firewalls with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A simple HTTP request to download_wb.cgi with a file parameter allows arbitrary file download. A public proof-of-concept is available in the references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Monitor Weintek website for security updates. Consider upgrading to newer versions if available.

🔧 Temporary Workarounds

Network Access Restriction

Applies to: all

Restrict network access to the device web interface using firewall rules

Disable Web Interface

Applies to: all

Disable the easyweb web interface if it is not required for operations

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate HMI devices from untrusted networks
  • Deploy web application firewall (WAF) rules to block requests to download_wb.cgi

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[device_ip]/download_wb.cgi?file=/etc/passwd (or other known files) without authentication

Check Version:

Check device web interface or configuration for version information

Verify Fix Applied:

Verify that unauthenticated requests to download_wb.cgi return an access-denied or 404 response

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful download_wb.cgi access
  • Unusual file download patterns from HMI web interface

Network Indicators:

  • HTTP GET requests to /download_wb.cgi with file parameter from untrusted sources
  • Unusual outbound data transfers from HMI devices

SIEM Query:

dest_ip=[HMI_IP] AND (url_path CONTAINS 'download_wb.cgi' OR (http_method='GET' AND url_query CONTAINS 'file='))
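The network indicators and SIEM query above can also be applied to raw web-server or reverse-proxy access logs. The following is an added example, not code from the original page or from Weintek: it parses Combined Log Format lines, flags GET requests to download_wb.cgi carrying a file parameter, and rates them by whether the value points outside a download area (absolute path or traversal) or the source is outside an assumed trusted range (the `TRUSTED_NETS` prefix and the sample log lines are constructed for the demonstration).

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format as written by common HTTP servers or a reverse proxy
# placed in front of the HMI (assumed log source; standard field layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Address prefixes allowed to reach the HMI web interface (assumed, site-specific).
TRUSTED_NETS = ("10.10.5.",)


def classify(line):
    """Return a finding dict for a download_wb.cgi request with a file parameter, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    parts = urlsplit(m["target"])
    if not parts.path.endswith("/download_wb.cgi"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "file" not in params:
        return None
    # parse_qs already decodes once; unquote again so double-encoded traversal is still seen.
    requested = unquote(params["file"][0])
    # Absolute paths or parent-directory traversal point at files outside any intended
    # download area; any such request, or any request from an untrusted source, is high.
    suspicious_value = requested.startswith("/") or ".." in requested
    untrusted = not m["ip"].startswith(TRUSTED_NETS)
    return {
        "src": m["ip"], "time": m["ts"], "status": int(m["status"]),
        "file": requested, "untrusted_source": untrusted,
        "severity": "high" if (suspicious_value or untrusted) else "low",
        # A 200 with a non-empty body means the file was actually served.
        "served": m["status"] == "200" and m["size"] not in ("-", "0"),
    }


def scan(lines):
    """Run classify() over an iterable of log lines and keep the findings."""
    return [f for f in (classify(line) for line in lines) if f]


# Constructed sample lines for demonstration only (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2025:09:14:02 +0000] "GET /download_wb.cgi?file=/etc/passwd HTTP/1.1" 200 1523',
    '203.0.113.7 - - [12/Mar/2025:09:14:05 +0000] "GET /download_wb.cgi?file=..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 811',
    '10.10.5.21 - - [12/Mar/2025:09:20:11 +0000] "GET /download_wb.cgi?file=report.csv HTTP/1.1" 200 40212',
    '10.10.5.21 - - [12/Mar/2025:09:21:40 +0000] "GET /index.html HTTP/1.1" 200 3120',
]
```

Calling `scan(SAMPLE_LOG)` yields three findings: two high-severity hits from the untrusted address (one of them with decoded traversal `../../etc/shadow`) and one low-severity internal download; the index.html request produces nothing.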

🔗 References
