The vulnerability of the User.setLanguage method in the microprogramming software of the HomeMatic Central Control Unit 2 allows a intruder to write arbitrary files and execute arbitrary code on the device.

The vulnerability of the User.setLanguage method in the microprogramming software of the HomeMatic Central Control Unit 2 is related to deficiencies in security mechanisms. Exploiting this vulnerability allows a malicious actor to remotely write arbitrary files and execute arbitrary code on the...

eQ-3 AG HomeMatic CCU2 Arbitrary File Write Vulnerability

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A directory traversal vulnerability exists in User.setLanguage in eQ-3 AG Homematic CCU2 version 2.29.2 and earlier. A remote attacker can exploit this vulnerability to write arbitrary files...

CVE-2018-7300

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access ...