6 matches found
CVE-2019-10119
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin...
CVE-2019-10120
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...
Design/Logic Flaw
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin...
CVE-2019-10119
The CVE-2019-10119 issue affects eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, where authentication relies on session IDs but lacks proper authorization checks. An attacker can obtain a valid session ID via an invalid login attempt to the RemoteApi account (HMCCU-154)...
CVE-2019-10119
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin...
CVE-2019-10120
The CVE-2019-10120 issue affects eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, where an active session ID can be reused after logout to enable automatic login (setAutoLogin). This is caused by session handling that does not invalidate the session on logout. Affected v...