Vulnerabilities (CVE)

Vendor filter: Eq-3

9 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2018-7296 | 1: Eq-3 | 1: Homematic Central Control Unit Ccu2 Firmware | 2019-10-03 | 5.0
Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by...

CVE-2018-7299 | 1: Eq-3 | 1: Homematic Central Control Unit Ccu2 Firmware | 2019-10-03 | 5.2
Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.

CVE-2019-9583 | 1: Eq-3 | 2: Ccu2 Firmware, Ccu3 Firmware | 2019-08-27 | 6.4
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15....

CVE-2019-14984 | 1: Eq-3 | 2: Homematic Ccu2 Firmware, Homematic Ccu3 Firmware | 2019-08-21 | 6.8
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute...

CVE-2019-14474 | 1: Eq-3 | 1: Ccu3 Firmware | 2019-08-16 | 5.0
eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from...

CVE-2019-14473 | 1: Eq-3 | 2: Ccu2 Firmware, Ccu3 Firmware | 2019-08-14 | 6.5
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or...

CVE-2019-14475 | 1: Eq-3 | 2: Ccu2 Firmware, Ccu3 Firmware | 2019-08-13 | 5.0
eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages,...

CVE-2019-9727 | 1: Eq-3 | 1: Ccu3 Firmware | 2019-05-14 | 5.0
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated...

CVE-2019-9726 | 1: Eq-3 | 1: Ccu3 Firmware | 2019-05-14 | 5.0
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to...