CVE-2024-55026 is a command injection vulnerability found in the reset_pj.cgi endpoint of the Weintek cMT-3072XH2 easyweb interface version 2.1.53 running OS version 20231011. This endpoint improperly validates or restricts input parameters in GET requests, allowing an attacker with limited privileges (PR:L) to execute arbitrary system commands remotely without requiring user interaction. The vulnerability is classified under CWE-256, which relates to the use of hard-coded or weak credentials or insufficient access control mechanisms. The attack vector is network-based (AV:N), meaning it can be exploited remotely over the network. The vulnerability affects the confidentiality, integrity, and availability of the device, as arbitrary command execution can lead to data leakage, unauthorized modifications, or denial of service. Although no public exploits are currently known, the high CVSS score (8.8) reflects the critical nature of this flaw. The affected device, Weintek cMT-3072XH2, is commonly used in industrial control systems and automation environments, making this vulnerability particularly concerning for operational technology (OT) networks. The lack of available patches at the time of publication increases the urgency for organizations to implement compensating controls.

The exploitation of CVE-2024-55026 can have severe consequences for organizations relying on Weintek cMT-3072XH2 devices. Successful command injection can lead to full system compromise, allowing attackers to exfiltrate sensitive operational data, disrupt industrial processes, or pivot to other network segments. This can result in operational downtime, safety hazards, financial losses, and damage to reputation. Given the device's role in industrial automation, critical infrastructure sectors such as manufacturing, energy, and utilities are at heightened risk. The vulnerability's network accessibility and lack of required user interaction increase the likelihood of exploitation if attackers gain limited access. Additionally, the high impact on confidentiality, integrity, and availability underscores the potential for widespread disruption in affected environments.

Organizations should immediately conduct an inventory to identify affected Weintek cMT-3072XH2 devices running easyweb v2.1.53 and OS v20231011. Until an official patch is released, implement strict network segmentation to isolate these devices from untrusted networks and restrict access to the reset_pj.cgi endpoint via firewall rules or access control lists. Employ strong authentication mechanisms and monitor network traffic for suspicious GET requests targeting the reset_pj.cgi endpoint. Regularly audit device configurations to ensure no default or weak credentials are in use. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection tuned for command injection attempts. Engage with Weintek support for updates or workarounds and plan for timely patch deployment once available. Additionally, implement robust logging and alerting to detect potential exploitation attempts early.