Unspecified Vulnerabilities in eQ-3 Homematic CCU2 and CCU3

The eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. A security vulnerability exists in eQ-3 Homematic CCU2 version 2.51.6 and earlier and CCU3 version 3.51.6 and earlier, which stems from turning on the default automatic login...

CVE-2019-9583

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5,...

CVE-2019-10120

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

eQ-3 AG Homematic CCU3 Path Traversal Vulnerability

The eQ-3 AG Homematic CCU3 is a set of home automation controls from the German company eQ-3 AG. A path traversal vulnerability exists in eQ-3 AG Homematic CCU3 version 3.43.15 and earlier. The vulnerability stems from a failure of a networked system or product to properly filter special elements...