Lucene search

[email protected]CVE-2019-9726

HistoryMay 13, 2019 - 5:29 p.m.

CVE-2019-9726

2019-05-1317:29:03

CWE-22

[email protected]

web.nvd.nist.gov

cve-2019-9726

directory traversal

arbitrary file read

eq-3 ag

homematic ccu3

nvd

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device’s filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

Affected configurations

NVD

Node

eq-3ccu3_firmwareRange≤3.43.15

AND

eq-3ccu3Match-

CPENameOperatorVersion
eq-3:ccu3_firmwareeq-3 ccu3 firmwarele3.43.15

CPE	Name	Operator	Version
eq-3:ccu3_firmware	eq-3 ccu3 firmware	le	3.43.15

References

atomic111.github.io/article/homematic-ccu3-fileread

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for CVE-2019-9726

cvelist1 prion1 nuclei1 nvd1 openvas1