9.8

CVE-2020-12834

Exploit

EPSS 45.81%
Veröffentlicht 15.05.2020 17:15:12
Zuletzt bearbeitet 21.11.2024 05:00:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eq-3 ≫ Homematic Ccu2 Firmware Version <= 2.51.6

Eq-3 ≫ Homematic Ccu2 Version-

Eq-3 ≫ Ccu3 Firmware Version <= 3.51.6

Eq-3 ≫ Homematic Ccu3 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	45.81%	0.973

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://psytester.github.io/CVE-2020-12834/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-12834

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12834

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12834

EUVD