Lucene search
K

244 matches found

Prion
Prion
added 2019/09/17 9:15 p.m.21 views

Remote code execution

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process...

7.5CVSS9.7AI score0.1314EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2019/09/17 8:53 p.m.26 views

CVE-2019-16199

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process...

9.8AI score0.1314EPSS
Exploits1References1
CVE
CVE
added 2019/09/17 8:53 p.m.118 views

CVE-2019-16199

CVE-2019-16199 affects eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18. The issue enables Remote Code Execution by unauthenticated attackers who can reach the device’s web interface and issue an HTTP POST to URLs related to the ReGa core process. The Red Hat/NVD entries corroborate una...

9.8CVSS9.6AI score0.1314EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/08/14 9:15 p.m.24 views

CVE-2019-9585

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and deletion of Metadata...

9.8CVSS9.5AI score0.02711EPSS
Exploits1References2
OSV
OSV
added 2019/08/14 9:15 p.m.4 views

CVE-2019-9585

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and deletion of Metadata...

9.8CVSS7.3AI score0.02711EPSS
Exploits1References2
NVD
NVD
added 2019/08/14 9:15 p.m.18 views

CVE-2019-9584

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...

9.8CVSS9.4AI score0.02711EPSS
Exploits1References2
OSV
OSV
added 2019/08/14 9:15 p.m.5 views

CVE-2019-9584

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...

9.8CVSS7.3AI score0.02711EPSS
Exploits1References2
NVD
NVD
added 2019/08/14 9:15 p.m.17 views

CVE-2019-13030

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a...

8.2CVSS8.1AI score0.01899EPSS
Exploits1References2
OSV
OSV
added 2019/08/14 9:15 p.m.4 views

CVE-2019-13030

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a...

8.2CVSS7.3AI score0.01899EPSS
Exploits1References2
Prion
Prion
added 2019/08/14 9:15 p.m.20 views

Improper access control

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and deletion of Metadata...

7.5CVSS9.3AI score0.02711EPSS
Exploits1References2Affected Software2
Prion
Prion
added 2019/08/14 9:15 p.m.19 views

Improper access control

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...

7.5CVSS9.2AI score0.02711EPSS
Exploits1References2Affected Software2
Prion
Prion
added 2019/08/14 9:15 p.m.12 views

Improper access control

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a...

6.4CVSS8AI score0.01899EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/08/14 8:17 p.m.22 views

CVE-2019-13030

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a...

8.1AI score0.01899EPSS
Exploits1References2
CVE
CVE
added 2019/08/14 8:17 p.m.749 views

CVE-2019-13030

The CVE-2019-13030 entry concerns the eQ-3 Homematic CCU3 AddOn “Mediola NEO Server for Homematic CCU3” vulnerable before version 2.4.5. The root cause is improper access control on addon configuration pages and a missing check in rc.d/97NeoServer, allowing an unauthenticated admin to start/stop ...

8.2CVSS8AI score0.01899EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2019/08/14 8:15 p.m.13 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.8CVSS7.6AI score0.02378EPSS
Exploits1References2
OSV
OSV
added 2019/08/14 8:15 p.m.4 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.5CVSS7.1AI score0.02378EPSS
Exploits1References2
NVD
NVD
added 2019/08/14 8:15 p.m.29 views

CVE-2019-9583

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5,...

8.2CVSS7.6AI score0.01877EPSS
Exploits1References2
OSV
OSV
added 2019/08/14 8:15 p.m.5 views

CVE-2019-9583

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5,...

8.2CVSS7.1AI score0.01877EPSS
Exploits1References2
Prion
Prion
added 2019/08/14 8:15 p.m.18 views

Code injection

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5,...

6.4CVSS7.7AI score0.01877EPSS
Exploits1References2Affected Software2
Prion
Prion
added 2019/08/14 8:15 p.m.16 views

Design/Logic Flaw

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.8CVSS7.5AI score0.02378EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder