A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.
CPE | Name | Operator | Version |
---|---|---|---|
ccu2_firmware | ge | 2.35.16 | |
ccu2_firmware | le | 2.45.6 | |
cux-daemon | eq | >= 1.11a AND <= 2.2.0 |