Vulnerabilities (CVE)

Filtered by vendor Eq-3 Subscribe

Filtered by product Homematic Central Control Unit Ccu2

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-7297	1 Eq-3	2 Homematic Central Control Unit Ccu2, Homematic Central Control Unit Ccu2 Firmware	2019-10-03	10.0 HIGH	9.8 CRITICAL
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
CVE-2018-7301	1 Eq-3	2 Homematic Central Control Unit Ccu2, Homematic Central Control Unit Ccu2 Firmware	2018-03-18	7.5 HIGH	9.8 CRITICAL
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.