Browse all 5 CVE security advisories affecting Welotec. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Welotec develops industrial control systems and automation solutions for manufacturing and utility sectors. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and insecure default configurations. The company has addressed multiple CVEs related to authentication bypass and command injection in their web interfaces. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their web-based components suggests a need for enhanced security development practices. Their systems' critical infrastructure role makes proper vulnerability management essential for operational security.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-41714 | Path Traversal via 'Upload-Key' in SmartEMS Upload Handling — SmartEMS Web Application | CWE-22 | 8.8 | High | 2025-09-10 |
| CVE-2025-41702 | egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass — EG400Mk2-D11001-000101 | CWE-321 | 9.8 | Critical | 2025-08-26 |
| CVE-2024-3911 | Welotec: Clickjacking Vulnerability in WebUI — SMART EMS | CWE-1021 | 6.5 | Medium | 2024-04-23 |
| CVE-2023-1083 | Welotec: improper access control in TK500v1 router series — TK515L | CWE-306 | 9.8 | Critical | 2024-04-09 |
| CVE-2023-1082 | Welotec: Command injection vulnerability in TK500v1 router series — TK515L | CWE-78 | 8.8 | High | 2024-04-09 |

This page lists every published CVE security advisory associated with Welotec. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.