Cross site request forgery (csrf)

2019-10-1714:15:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.0%

JSON

A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.

CPENameOperatorVersion
ccu2_firmwarege2.35.16
ccu2_firmwarele2.45.6
cux-daemoneq>= 1.11a AND <= 2.2.0

Name	Operator	Version
ccu2_firmware	ge	2.35.16
ccu2_firmware	le	2.45.6
cux-daemon	eq	>= 1.11a AND <= 2.2.0

References

noskill1337.github.io/homematic-with-cux-daemon-remote-code-execution

www.eq-3.com/products/homematic.html