CVE-2019-14985

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.

Published: 2019-08-13 20:15
Updated: 2019-08-21 19:09

CVSS Score: 7.5 / 10
Vendor Product Version URI
Eq-3 Homematic Ccu2 Firmware 2.35.16 cpe:/o:eq-3:homematic_ccu2_firmware:2.35.16
Eq-3 Homematic Ccu2 Firmware 2.41.5 cpe:/o:eq-3:homematic_ccu2_firmware:2.41.5
Eq-3 Homematic Ccu2 Firmware 2.41.8 cpe:/o:eq-3:homematic_ccu2_firmware:2.41.8
Eq-3 Homematic Ccu2 Firmware 2.41.9 cpe:/o:eq-3:homematic_ccu2_firmware:2.41.9
Eq-3 Homematic Ccu2 Firmware 2.45.6 cpe:/o:eq-3:homematic_ccu2_firmware:2.45.6
Eq-3 Homematic Ccu2 Firmware 2.45.7 cpe:/o:eq-3:homematic_ccu2_firmware:2.45.7
Eq-3 Homematic Ccu2 Firmware 2.47.10 cpe:/o:eq-3:homematic_ccu2_firmware:2.47.10
Eq-3 Homematic Ccu2 Firmware 2.47.12 cpe:/o:eq-3:homematic_ccu2_firmware:2.47.12
Eq-3 Homematic Ccu2 Firmware 2.47.15 cpe:/o:eq-3:homematic_ccu2_firmware:2.47.15
Eq-3 Homematic Ccu3 Firmware 3.41.11 cpe:/o:eq-3:homematic_ccu3_firmware:3.41.11
Eq-3 Homematic Ccu3 Firmware 3.43.16 cpe:/o:eq-3:homematic_ccu3_firmware:3.43.16
Eq-3 Homematic Ccu3 Firmware 3.45.5 cpe:/o:eq-3:homematic_ccu3_firmware:3.45.5
Eq-3 Homematic Ccu3 Firmware 3.45.7 cpe:/o:eq-3:homematic_ccu3_firmware:3.45.7
Eq-3 Homematic Ccu3 Firmware 3.47.10 cpe:/o:eq-3:homematic_ccu3_firmware:3.47.10
Eq-3 Homematic Ccu3 Firmware 3.47.15 cpe:/o:eq-3:homematic_ccu3_firmware:3.47.15

CWE

CWE-20 (Improper Input Validation): The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

History of changes

Date Event
2019-08-21 19:09
2019-08-13 20:15 New CVE