8 matches found

Added 2019/08/05 8:15 p.m. | 51 views

CVE-2019-14475

eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the syste...

CVSS 7.5 | AI score 7.5 | EPSS 0.00374

Added 2019/10/17 2:15 p.m. | 43 views

CVE-2019-14424

A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request.

CVSS 6.5 | AI score 6 | EPSS 0.00328

Added 2019/07/10 12:15 p.m. | 42 views

CVE-2019-10120

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154.

CVSS 8.8 | AI score 8.6 | EPSS 0.00193

Added 2019/07/10 12:15 p.m. | 40 views

CVE-2019-10122

eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.

CVSS 9.8 | AI score 9.8 | EPSS 0.03506

Added 2019/08/06 7:15 p.m. | 40 views

CVE-2019-14473

eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp.

CVSS 8.8 | AI score 8.7 | EPSS 0.00497

Added 2019/10/17 2:15 p.m. | 39 views

CVE-2019-14423

A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.

CVSS 9 | AI score 8.7 | EPSS 0.07781

Added 2019/07/10 12:15 p.m. | 34 views

CVE-2019-10119

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin.

CVSS 9.8 | AI score 9.4 | EPSS 0.00285

Added 2019/07/10 12:15 p.m. | 31 views

CVE-2019-10121

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin.

CVSS 9.8 | AI score 9.4 | EPSS 0.00379