Homematic Ccu2 Firmware Security Vulnerabilities and Issues — Homematic Ccu2 Firmware CVE List

Lucene search

Eq-3Homematic Ccu2 Firmware

11 matches found

CVE•added 2019/09/17 9:15 p.m.•100 views

CVE-2019-16199

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.

9.8CVSS9.6AI score0.49415EPSS

CVE•added 2019/11/14 7:15 p.m.•56 views

CVE-2019-18939

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request.

9.8CVSS9.8AI score0.47374EPSS

CVE•added 2019/11/14 7:15 p.m.•44 views

CVE-2019-18938

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.

9.8CVSS9.9AI score0.30108EPSS

CVE•added 2019/11/14 7:15 p.m.•41 views

CVE-2019-18937

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request.

9.8CVSS9.7AI score0.30108EPSS

CVE•added 2019/08/14 8:15 p.m.•37 views

CVE-2019-9583

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.4...

8.2CVSS7.5AI score0.00147EPSS

CVE•added 2019/08/14 8:15 p.m.•34 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15.

7.8CVSS7.5AI score0.00173EPSS

CVE•added 2019/08/14 9:15 p.m.•32 views

CVE-2019-9584

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.

9.8CVSS9.2AI score0.00448EPSS

CVE•added 2019/08/13 8:15 p.m.•31 views

CVE-2019-14985

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.

9.8CVSS9.6AI score0.49415EPSS

CVE•added 2019/08/13 8:15 p.m.•30 views

CVE-2019-14986

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed.

9.3CVSS8.2AI score0.02056EPSS

CVE•added 2019/08/13 8:15 p.m.•28 views

CVE-2019-14984

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request.

8.1CVSS8.5AI score0.10704EPSS

CVE•added 2019/08/14 9:15 p.m.•28 views

CVE-2019-9585

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.

9.8CVSS9.3AI score0.00448EPSS