eQ-3 AG HomeMatic CCU2 Arbitrary File Write Vulnerability

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A directory traversal vulnerability exists in User.setLanguage in eQ-3 AG Homematic CCU2 version 2.29.2 and earlier. A remote attacker can exploit this vulnerability to write arbitrary files...

CVE-2018-7300

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access ...