Vulnerabilities (CVE)

Filtered by vendor Eq-3 Subscribe

Filtered by product Ccu2 Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-10122	1 Eq-3	4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more	2021-07-21	7.5 HIGH	9.8 CRITICAL
eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.
CVE-2019-10119	1 Eq-3	4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more	2020-08-24	7.5 HIGH	9.8 CRITICAL
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin.
CVE-2019-10121	1 Eq-3	4 Ccu2, Ccu2 Firmware, Ccu3 and 1 more	2020-08-24	7.5 HIGH	9.8 CRITICAL
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin.