Ccu2 Firmware Security Vulnerabilities and Issues — Ccu2 Firmware CVE List

Lucene search

Eq-3Ccu2 Firmware

4 matches found

CVE•added 2019/07/10 12:15 p.m.•40 views

CVE-2019-10122

eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.

9.8CVSS9.8AI score0.03506EPSS

CVE•added 2019/10/17 2:15 p.m.•39 views

CVE-2019-14423

A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.

9CVSS8.7AI score0.07781EPSS

CVE•added 2019/07/10 12:15 p.m.•34 views

CVE-2019-10119

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin.

9.8CVSS9.4AI score0.00285EPSS

CVE•added 2019/07/10 12:15 p.m.•31 views

CVE-2019-10121

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin.

9.8CVSS9.4AI score0.00379EPSS