244 matches found
CVE-2018-7300
CVE-2018-7300 affects eQ-3 AG Homematic CCU2 (version 2.29.2 and earlier). The issue is a Directory Traversal/Arbitrary File Write vulnerability in the User.setLanguage method that permits remote attackers with access to the device’s web interface to write arbitrary files to the filesystem, poten...
CVE-2018-7298
Affected product: eQ-3 AG HomeMatic CCU2 (version 2.29.22). Issue: loopupd.sh downloads software update packages over HTTP, which provides no cryptographic protection. Root cause: lack of integrity/ authenticity verification for firmware updates due to plain HTTP delivery. Impact: attacker with n...
HomeMatic WebUI Detection
The script sends a HTTP request to the server and attempts to extract the version from the reply. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
HomeMatic Default Credentials (SSH)
The remote HomeMatic device is using known default credentials. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...