Improper access control

2019-08-1421:15:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

eQ-3 Homematic CCU3 AddOn ‘Mediola NEO Server for Homematic CCU3’ prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.

CPENameOperatorVersion
neo_serverlt2.4.5

CPE	Name	Operator	Version
	neo_server	lt	2.4.5

References

github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-06-29-CVE-2019-13030.md

psytester.github.io/CVE-2019-13030/