Lucene search
K

126 matches found

NVD
NVD
added 2019/08/14 9:15 p.m.24 views

CVE-2019-9585

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and deletion of Metadata...

9.8CVSS9.5AI score0.02711EPSS
Exploits1References2
Prion
Prion
added 2019/08/14 9:15 p.m.20 views

Improper access control

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and deletion of Metadata...

7.5CVSS9.3AI score0.02711EPSS
Exploits1References2Affected Software2
Prion
Prion
added 2019/08/14 9:15 p.m.19 views

Improper access control

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...

7.5CVSS9.2AI score0.02711EPSS
Exploits1References2Affected Software2
NVD
NVD
added 2019/08/14 8:15 p.m.14 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.8CVSS7.6AI score0.02378EPSS
Exploits1References2
NVD
NVD
added 2019/08/14 8:15 p.m.30 views

CVE-2019-9583

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5,...

8.2CVSS7.6AI score0.01877EPSS
Exploits1References2
Prion
Prion
added 2019/08/14 8:15 p.m.17 views

Design/Logic Flaw

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.8CVSS7.5AI score0.02378EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/08/14 8:15 p.m.18 views

Code injection

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5,...

6.4CVSS7.7AI score0.01877EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2019/08/14 8:10 p.m.25 views

CVE-2019-9585

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and deletion of Metadata...

9.5AI score0.02711EPSS
Exploits1References2
CVE
CVE
added 2019/08/14 8:10 p.m.44 views

CVE-2019-9585

CVE-2019-9585 affects eQ-3 Homematic CCU2 (before 2.47.10) and CCU3 (before 3.47.10). The JSON API has improper access control, enabling metadata read, set, and delete operations via the interface. ROOT CAUSE: insufficient access restrictions on the JSON API. IMPACT: potential disclosure and modi...

9.8CVSS9.3AI score0.02711EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/08/14 8:3 p.m.44 views

CVE-2019-9584

CVE-2019-9584 involves the eQ-3 Homematic AddOn “CloudMatic” running on CCU2/CCU3. The issue is improper access control on all /addons/mh/ pages, enabling uncontrolled admin access. This allows attackers to obtain VPN profile details, shut down the VPN service, and delete the VPN service configur...

9.8CVSS9.2AI score0.02711EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/08/14 7:57 p.m.47 views

CVE-2019-9582

CVE-2019-9582 affects eQ-3 Homematic CCU2 via outdated base software packages, enabling Denial of Service. Affected CCU2 versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. The provided connected documents state the vulnerability vector as a DoS condition due to ...

7.8CVSS7.5AI score0.02378EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/08/14 7:57 p.m.17 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.6AI score0.02378EPSS
Exploits1References2
CVE
CVE
added 2019/08/14 7:47 p.m.51 views

CVE-2019-9583

The CVE-2019-9583 issue affects eQ-3 Homematic CCU2 and CCU3: attackers can obtain session IDs without authentication, enabling a Denial of Service and acting as a starting point for further attacks. Affected CCU2 versions include 2.35.16, 2.41.5/2.41.8/2.41.9, 2.45.6/2.45.7, 2.47.10/2.47.12/2.47...

8.2CVSS7.5AI score0.01877EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/08/13 8:15 p.m.5 views

CVE-2019-14984

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMDEXEC to execute TCL code from a POST request...

8.1CVSS6AI score0.05755EPSS
Exploits1References1
NVD
NVD
added 2019/08/13 8:15 p.m.16 views

CVE-2019-14985

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMDEXEC virtual device type 28...

9.8CVSS9.8AI score0.11324EPSS
Exploits1References1
NVD
NVD
added 2019/08/13 8:15 p.m.29 views

CVE-2019-14984

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMDEXEC to execute TCL code from a POST request...

8.1CVSS8.6AI score0.05755EPSS
Exploits1References1
NVD
NVD
added 2019/08/13 8:15 p.m.22 views

CVE-2019-14986

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...

9.3CVSS8.3AI score0.02531EPSS
Exploits1References1
OSV
OSV
added 2019/08/13 8:15 p.m.4 views

CVE-2019-14986

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...

8.1CVSS7.3AI score0.02531EPSS
Exploits1References1
Prion
Prion
added 2019/08/13 8:15 p.m.17 views

Design/Logic Flaw

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMDEXEC virtual device type 28...

7.5CVSS9.7AI score0.11324EPSS
Exploits1References1Affected Software2
Prion
Prion
added 2019/08/13 8:15 p.m.19 views

Design/Logic Flaw

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMDEXEC to execute TCL code from a POST request...

6.8CVSS8.4AI score0.05755EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder