Vulnerabilities (CVE)

Vendor filter

Eq-3 Subscribe

Filter

7 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-7300 1 Eq-3 1 Homematic Central Control Unit Ccu2 Firmware 2019-10-03 10.0
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be...
CVE-2018-7298 1 Eq-3 1 Homematic Central Control Unit Ccu2 Firmware 2019-10-03 9.3
In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker...
CVE-2018-7297 1 Eq-3 1 Homematic Central Control Unit Ccu2 Firmware 2019-10-03 10.0
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated...
CVE-2019-9584 1 Eq-3 2 Homematic Ccu2 Firmware, Homematic Ccu3 Firmware 2019-08-27 7.5
eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper...
CVE-2019-9582 1 Eq-3 1 Homematic Ccu2 Firmware 2019-08-27 7.8
eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15.
CVE-2019-14985 1 Eq-3 2 Homematic Ccu2 Firmware, Homematic Ccu3 Firmware 2019-08-21 7.5
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.
CVE-2018-7301 1 Eq-3 1 Homematic Central Control Unit Ccu2 Firmware 2018-03-18 7.5
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.