CVE-2024-55019: n/a
Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files.
AI Analysis
Technical Summary
CVE-2024-55019 identifies an access control vulnerability in the download_wb.cgi component of the Weintek cMT-3072XH2 easyweb Web Version v2.1.53, running OS version v20231011. The flaw allows unauthenticated remote attackers to download arbitrary files from the device by exploiting improper access control mechanisms. This vulnerability is classified under CWE-284 (Improper Access Control), indicating that the application fails to properly restrict access to sensitive resources. The CVSS v3.1 base score is 6.5 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts confidentiality (C:L) and availability (A:L) but not integrity (I:N). The vulnerability could expose sensitive configuration files or other data stored on the device, potentially leading to information disclosure. Although no public exploits are currently known, the ease of exploitation and lack of authentication requirements make this a notable risk. The affected product is commonly used in industrial automation and HMI (Human Machine Interface) environments, where unauthorized data access could have operational consequences. No patches or fixes are currently linked, so mitigation relies on network-level controls and monitoring.
Potential Impact
The primary impact of CVE-2024-55019 is unauthorized disclosure of sensitive information due to arbitrary file download capability without authentication. This can lead to leakage of configuration files, credentials, or operational data, which attackers could use for further attacks or espionage. The vulnerability does not allow modification of files, so integrity impact is minimal. Availability impact is low but possible if sensitive files are critical for operation and their exposure leads to secondary attacks. Industrial organizations using Weintek cMT-3072XH2 devices could face operational risks, intellectual property theft, or compliance violations. The medium severity score reflects a moderate risk, but the lack of authentication and network accessibility increases the likelihood of exploitation in exposed environments. Organizations with internet-facing or poorly segmented industrial control systems are particularly vulnerable.
Mitigation Recommendations
1. Implement network segmentation to isolate Weintek cMT-3072XH2 devices from untrusted networks, especially the internet.
2. Restrict access to the device’s web interface using firewall rules or VPNs to limit exposure to authorized personnel only.
3. Monitor network traffic for unusual requests to download_wb.cgi or other suspicious activity targeting the device.
4. If possible, disable or restrict the download_wb.cgi component until a vendor patch is available.
5. Regularly audit device configurations and logs to detect unauthorized access attempts.
6. Engage with Weintek support or vendor channels to obtain patches or updates addressing this vulnerability.
7. Employ intrusion detection/prevention systems (IDS/IPS) with signatures tailored to detect exploitation attempts of this vulnerability.
8. Educate operational technology (OT) security teams about this vulnerability and ensure incident response plans include scenarios involving unauthorized file access.
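The monitoring and log-audit recommendations above can be sketched as a log review script. This is an added example, not vendor or advisory code. It assumes a reverse proxy in front of the HMI writes Combined Log Format and that `10.20.0.0/24` is the management subnet; the sample lines, the `/cgi-bin/` prefix and the query strings are constructed placeholders, not the device's real URL layout.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

CGI_NAME = "download_wb.cgi"  # component named in the CVE description
# Assumption: subnets allowed to reach the HMI web interface.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample input; URL prefix and query strings are placeholders.
SAMPLE_LOG = """\
10.20.0.15 - - [03/Mar/2026:08:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120
10.20.0.15 - - [03/Mar/2026:08:02:40 +0000] "GET /cgi-bin/download_wb.cgi HTTP/1.1" 200 20480
198.51.100.7 - - [03/Mar/2026:09:14:03 +0000] "GET /cgi-bin/download_wb.cgi?x=1 HTTP/1.1" 200 734003
198.51.100.7 - - [03/Mar/2026:09:14:09 +0000] "GET /cgi-bin/DOWNLOAD_WB.CGI?x=2 HTTP/1.1" 403 0
203.0.113.9 - - [03/Mar/2026:09:20:00 +0000] "GET /cgi-bin/download%5Fwb.cgi HTTP/1.1" 200 1024
"""

def is_allowed(src):
    """True if src parses as an IP inside an allowed management subnet."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or junk in the source field are not trusted
    return any(ip in net for net in ALLOWED_NETS)

def find_suspicious(log_text):
    """Per-source counts of download_wb.cgi requests from outside the allowlist."""
    hits = defaultdict(lambda: {"requests": 0, "served": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or is_allowed(m["src"]):
            continue
        # Drop the query, decode %-escapes and fold case before comparing names.
        path = unquote(urlsplit(m["target"]).path).lower()
        if path.rsplit("/", 1)[-1] != CGI_NAME:
            continue
        h = hits[m["src"]]
        h["requests"] += 1
        if m["status"].startswith("2"):  # the device actually returned content
            h["served"] += 1
            h["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return dict(hits)

if __name__ == "__main__":
    for src, h in find_suspicious(SAMPLE_LOG).items():
        print(src, h)
```

Sources with a non-zero `served` count are the ones to triage first, since a 2xx response means file content left the device.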
Affected Countries
United States, Germany, China, Japan, South Korea, Taiwan, France, Italy, United Kingdom, Canada
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2024-12-06T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69a72cf6d1a09e29cb6e2691
Added to database: 3/3/2026, 6:48:22 PM
Last enriched: 3/10/2026, 7:48:07 PM
Last updated: 4/18/2026, 2:43:12 PM