2 matches found
CVE-2019-10121
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin...
CVE-2019-10121
CVE-2019-10121 affects eQ-3 HomeMatic CCU2 (before 2.41.8) and CCU3 (before 3.43.15): authentication uses session IDs without proper authorization checks, allowing an attacker to get an admin session via the user authentication dialogue (HMCCU-153). Mitigations/patches exist in the vendor changel...