Lucene search
K

10 matches found

CNVD
CNVD
added 2020/05/18 12:0 a.m.2 views

Unspecified Vulnerabilities in eQ-3 Homematic CCU2 and CCU3

The eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. A security vulnerability exists in eQ-3 Homematic CCU2 version 2.51.6 and earlier and CCU3 version 3.51.6 and earlier, which stems from turning on the default automatic login...

9.8CVSS7.3AI score0.11072EPSS
Exploits1References1
Prion
Prion
added 2019/11/14 7:15 p.m.16 views

Remote code execution

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution...

7.5CVSS9.8AI score0.3384EPSS
Exploits1References1Affected Software3
NVD
NVD
added 2019/10/17 2:15 p.m.25 views

CVE-2019-14423

A Remote Code Execution RCE issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request...

9CVSS8.8AI score0.19899EPSS
Exploits1References2
Prion
Prion
added 2019/10/17 2:15 p.m.22 views

Cross site request forgery (csrf)

A Local File Inclusion LFI issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request...

4CVSS6.1AI score0.01364EPSS
Exploits1References2Affected Software2
Prion
Prion
added 2019/10/17 2:15 p.m.21 views

Cross site request forgery (csrf)

A Remote Code Execution RCE issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request...

9CVSS8.7AI score0.19899EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2019/10/17 1:28 p.m.25 views

CVE-2019-14423

A Remote Code Execution RCE issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request...

8.9AI score0.19899EPSS
Exploits1References2
CVE
CVE
added 2019/10/17 1:28 p.m.55 views

CVE-2019-14423

CVE-2019-14423 affects the CUx-Daemon addon (version 1.11a) used by eQ-3 Homematic CCU-Firmware, impacting firmware 2.35.16 up to 2.45.6. The issue enables remote authenticated attackers to execute system commands as root over a simple HTTP request due to the described RCE vulnerability. Source d...

9CVSS8.7AI score0.19899EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/10/17 1:21 p.m.26 views

CVE-2019-14424

A Local File Inclusion LFI issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request...

6.1AI score0.01364EPSS
Exploits1References2
OSV
OSV
added 2019/08/06 7:15 p.m.5 views

CVE-2019-14473

eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp...

8.8CVSS7.3AI score0.01859EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2019/06/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-7297

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...

10CVSS7.5AI score0.64811EPSS
Exploits2References1
Rows per page
Query Builder