Eq-3

Homematic Ccu2 Firmware

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2019-14984

Exploit
  • EPSS 10.7%
  • Veröffentlicht 13.08.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:27:49

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL...

9.8

CVE-2019-14985

Exploit
  • EPSS 49.42%
  • Veröffentlicht 13.08.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:27:49

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.

9.3

CVE-2019-14986

Exploit
  • EPSS 2.06%
  • Veröffentlicht 13.08.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:27:49

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root passw...

10

CVE-2018-7300

  • EPSS 12.41%
  • Veröffentlicht 22.02.2018 19:29:05
  • Zuletzt bearbeitet 21.11.2024 04:11:57

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be expl...