CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

eQ-3 Homematic CCU3 Remote Code Execution Vulnerability (CNVD-2020-14281)

The eQ-3 Homematic CCU3 is a central control unit for smart home systems from eQ-3 Germany. A remote code execution vulnerability exists in the ReGa.runScript method in the eQ-3 Homematic CCU3 using firmware version 3.41.11, which can be exploited by an attacker to execute code and compromise the...

eQ-3 Homematic CCU3 Session Fixation Vulnerability

The eQ-3 Homematic CCU3 is a central control unit for smart home systems from eQ-3 Germany. A session fixation vulnerability exists in the eQ-3 Homematic CCU3 using firmware version 3.41.11, which can be exploited by an attacker to log in and control the system by creating a session ID and sendin...

eQ-3 HomeMatic CCU2 and eQ-3 Homematic CCU3 Access Control Error Vulnerabilities

The eQ-3 Homematic CCU3 and the eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. An access control error vulnerability exists in the JSON API in the eQ-3 Homematic CCU2 version prior to 2.47.10 and the eQ-3 Homematic CCU3 version prior to 3.47.10, whic...

eQ-3 Homematic CCU2 and CCU3 Input Validation Error Vulnerability

The eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. An input validation error vulnerability exists in eQ-3 Homematic CCU2 and CCU3, which can be exploited by an unauthenticated attacker to achieve remote code execution...

eQ-3 Homematic CCU2 and CCU3 Command Injection Vulnerabilities

The eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. A command injection vulnerability exists in the eQ-3 Homematic CCU2 and CCU3, which can be exploited by an attacker to execute an illegal command if a networked system or...

CVE-2019-14474

eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid guest/user/admin account can...

eQ-3 AG HomeMatic CCU2 Malicious Firmware Update Vulnerability

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A security vulnerability in the /usr/local/etc/config/addons/mh/loopupd.sh file in the eQ-3 AG Homematic CCU2 version 2.29.22 stems from the program's failure to provide cryptographic...

eQ-3 AG HomeMatic CCU2 User.getLanguage method directory traversal vulnerability

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A directory traversal vulnerability exists in the User.getLanguage method in eQ-3 AG Homematic CCU2 version 2.29.2 and earlier. A remote attacker can exploit this vulnerability to read the...

eQ-3 AG HomeMatic CCU2 Remote Code Execution Vulnerability

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A remote code execution vulnerability exists in the addon installation process in eQ-3 AG Homematic CCU2 version 2.29.2 and earlier. An attacker could exploit the vulnerability to create or...

eQ-3 AG HomeMatic CCU2 Arbitrary File Write Vulnerability

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A directory traversal vulnerability exists in User.setLanguage in eQ-3 AG Homematic CCU2 version 2.29.2 and earlier. A remote attacker can exploit this vulnerability to write arbitrary files...

eQ-3 AG HomeMatic CCU2 Remote Code Execution Vulnerability (CNVD-2018-05831)

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from the German company eQ-3. tcl script interpreter is one of the script interpreters for the TCL language. A remote code execution vulnerability exists in the TCL script interpreter in eQ-3 AG Homematic CCU2...

CVE-2018-7301

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices...