Lucene search
+L

126 matches found

NVD
NVD
added 2018/02/22 7:29 p.m.21 views

CVE-2018-7301

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices...

9.8CVSS9.5AI score0.01479EPSS
Exploits0References1
NVD
NVD
added 2018/02/22 7:29 p.m.23 views

CVE-2018-7299

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device...

8CVSS8.1AI score0.01149EPSS
Exploits0References1
NVD
NVD
added 2018/02/22 7:29 p.m.21 views

CVE-2018-7298

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position which could be...

9.3CVSS7.9AI score0.00806EPSS
Exploits0References1
OSV
OSV
added 2018/02/22 7:29 p.m.9 views

CVE-2018-7300

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access ...

9.8CVSS6AI score0.30768EPSS
Exploits2References2
OSV
OSV
added 2018/02/22 7:29 p.m.5 views

CVE-2018-7299

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device...

8CVSS6AI score0.01149EPSS
Exploits0References1
NVD
NVD
added 2018/02/22 7:29 p.m.29 views

CVE-2018-7300

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access ...

10CVSS9.8AI score0.30768EPSS
Exploits2References2
OSV
OSV
added 2018/02/22 7:29 p.m.5 views

CVE-2018-7297

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...

9.8CVSS6AI score0.64811EPSS
Exploits2References2
NVD
NVD
added 2018/02/22 7:29 p.m.14 views

CVE-2018-7296

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web...

5.3CVSS5.4AI score0.01905EPSS
Exploits0References1
NVD
NVD
added 2018/02/22 7:29 p.m.30 views

CVE-2018-7297

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...

10CVSS9.9AI score0.64811EPSS
Exploits2References2
OSV
OSV
added 2018/02/22 7:29 p.m.6 views

CVE-2018-7296

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web...

5.3CVSS5.9AI score0.01905EPSS
Exploits0References1
Prion
Prion
added 2018/02/22 7:29 p.m.13 views

Remote code execution

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device...

5.2CVSS8AI score0.01149EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/02/22 7:29 p.m.23 views

Directory traversal

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access ...

10CVSS9.7AI score0.30768EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2018/02/22 7:29 p.m.20 views

Directory traversal

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web...

5CVSS5.5AI score0.01905EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/02/22 7:29 p.m.22 views

Design/Logic Flaw

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...

10CVSS9.7AI score0.64811EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2018/02/22 7:0 p.m.19 views

CVE-2018-7299

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device...

8.6AI score0.01149EPSS
Exploits0References1
CVE
CVE
added 2018/02/22 7:0 p.m.52 views

CVE-2018-7301

The CVE-2018-7301 entry concerns eQ-3 AG HomeMatic CCU2 devices (version 2.29.22) with an open XML-RPC port that requires no authentication. This allows arbitrary XML-RPC requests to control attached BidCos devices. Public details from NVD indicate a high/critical impact profile (cvss2 base 7.5, ...

9.8CVSS9.4AI score0.01479EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/02/22 7:0 p.m.51 views

CVE-2018-7300

CVE-2018-7300 affects eQ-3 AG Homematic CCU2 (version 2.29.2 and earlier). The issue is a Directory Traversal/Arbitrary File Write vulnerability in the User.setLanguage method that permits remote attackers with access to the device’s web interface to write arbitrary files to the filesystem, poten...

10CVSS9.7AI score0.30768EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2018/02/22 7:0 p.m.40 views

CVE-2018-7296

Product affected: eQ-3 AG Homematic CCU2 devices (version 2.29.2 and earlier). Vulnerability: Directory traversal in the User.getLanguage method allows an unauthenticated remote attacker with web interface access to read the first line of an arbitrary file on the CCU2 filesystem. Impact (as state...

5.3CVSS6.3AI score0.01905EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/02/22 7:0 p.m.21 views

CVE-2018-7296

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web...

6.5AI score0.01905EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/02/22 7:0 p.m.17 views

CVE-2018-7298

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position which could be...

8.4AI score0.00806EPSS
Exploits0References1
Rows per page
Query Builder