CVE-2024-55026 is a critical vulnerability identified in the reset_pj.cgi endpoint of the Weintek cMT-3072XH2 easyweb interface version 2.1.53 running OS version 20231011. The vulnerability allows an unauthenticated attacker to execute arbitrary system commands by sending a crafted GET request to this endpoint. This type of flaw is typically classified as a command injection vulnerability, where user-supplied input is improperly sanitized before being passed to system-level command execution functions. The lack of authentication means that any attacker with network access to the device's web interface can exploit this issue remotely. The affected product, Weintek cMT-3072XH2, is an HMI (Human Machine Interface) device commonly used in industrial automation to monitor and control machinery and processes. Successful exploitation could allow attackers to disrupt industrial operations, manipulate device behavior, or pivot into broader network environments. No CVSS score has been assigned yet, and no public exploit code is known at this time. The vulnerability was reserved in December 2024 and published in March 2026. No official patches or mitigation instructions have been provided yet, increasing the urgency for organizations to implement compensating controls.

The impact of CVE-2024-55026 is significant for organizations relying on Weintek cMT-3072XH2 devices in their industrial control systems. Exploitation can lead to full compromise of the device, allowing attackers to execute arbitrary commands, potentially disrupting industrial processes, causing equipment damage, or leading to safety hazards. The integrity and availability of critical operational technology systems could be severely affected. Additionally, attackers could use the compromised device as a foothold to move laterally within the network, threatening broader enterprise IT infrastructure. Given the device’s role in automation, the impact extends beyond IT to physical processes, increasing the risk of operational downtime and financial loss. The lack of authentication requirement and ease of exploitation elevate the threat level. Organizations in manufacturing, energy, utilities, and critical infrastructure sectors are particularly vulnerable.

Until an official patch is released by Weintek, organizations should implement strict network segmentation to isolate the cMT-3072XH2 devices from untrusted networks, including the internet. Access to the device’s web interface should be restricted using firewalls or VPNs to trusted personnel only. Intrusion detection and prevention systems should be configured to monitor and block suspicious GET requests targeting the reset_pj.cgi endpoint. Regularly audit device configurations and network logs for signs of exploitation attempts. If possible, disable or restrict the reset_pj.cgi endpoint or the web interface temporarily until a patch is available. Engage with Weintek support for updates and apply security patches promptly once released. Additionally, implement strong physical security controls to prevent unauthorized local access to the devices.