Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Eq-3 Subscribe
Filtered by product Homematic Ccu3 Firmware

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14984 1 Eq-3 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more 2020-08-24 6.8 MEDIUM 8.1 HIGH
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request.
CVE-2019-14986 1 Eq-3 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more 2020-08-24 9.3 HIGH 8.1 HIGH
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed.
CVE-2019-15850 1 Eq-3 2 Homematic Ccu3, Homematic Ccu3 Firmware 2020-08-24 9.0 HIGH 8.8 HIGH
eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system.
CVE-2019-9583 1 Eq-3 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more 2020-04-10 6.4 MEDIUM 8.2 HIGH
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15.
CVE-2019-15849 1 Eq-3 2 Homematic Ccu3, Homematic Ccu3 Firmware 2019-10-22 4.9 MEDIUM 7.3 HIGH
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.