Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:23 a.m.7 views

CVE-2019-9583

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5,...

8.2CVSS6.8AI score0.01877EPSS
Exploits1References1
CVE
CVE
added 2019/08/14 7:47 p.m.51 views

CVE-2019-9583

The CVE-2019-9583 issue affects eQ-3 Homematic CCU2 and CCU3: attackers can obtain session IDs without authentication, enabling a Denial of Service and acting as a starting point for further attacks. Affected CCU2 versions include 2.35.16, 2.41.5/2.41.8/2.41.9, 2.45.6/2.45.7, 2.47.10/2.47.12/2.47...

8.2CVSS7.5AI score0.01877EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/08/07 6:15 p.m.31 views

Authorization

eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid guest/user/admin account can...

5CVSS7.6AI score0.01917EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2019/08/07 5:12 p.m.28 views

CVE-2019-14474

eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid guest/user/admin account can...

7.6AI score0.01917EPSS
Exploits1References1
Prion
Prion
added 2019/08/05 8:15 p.m.24 views

Authorization

eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the...

5CVSS7.7AI score0.01969EPSS
Exploits2References1Affected Software2
Cvelist
Cvelist
added 2019/08/05 7:27 p.m.25 views

CVE-2019-14475

eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the...

7.6AI score0.01969EPSS
Exploits1References1
Rows per page
Query Builder