2 matches found
CVE-2019-14473
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp...
CVE-2019-14473
CVE-2019-14473 affects the eQ-3 Homematic CCU2 and CCU3. The issue arises because authentication uses session IDs but there are no proper authorization checks, allowing a valid guest or user account to escalate to admin-level access. This can enable creating a new admin account, reading service m...