Improper access control

2019-08-1421:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.0%

JSON

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.

CPENameOperatorVersion
homematic_ccu2_firmwarelt2.47.10
homematic_ccu3_firmwarelt3.47.10

CPE	Name	Operator	Version
	homematic_ccu2_firmware	lt	2.47.10
	homematic_ccu3_firmware	lt	3.47.10

References

github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9585.md

psytester.github.io/CVE-2019-9585/