Vulnerabilities (CVE)

Vendor filter

Eq-3 Subscribe

Product filter

Ccu3 Firmware Subscribe

Filter

6 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9583 1 Eq-3 2 Ccu2 Firmware, Ccu3 Firmware 2019-08-27 6.4
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15....
CVE-2019-14474 1 Eq-3 1 Ccu3 Firmware 2019-08-16 5.0
eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from...
CVE-2019-14473 1 Eq-3 2 Ccu2 Firmware, Ccu3 Firmware 2019-08-14 6.5
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or...
CVE-2019-14475 1 Eq-3 2 Ccu2 Firmware, Ccu3 Firmware 2019-08-13 5.0
eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages,...
CVE-2019-9727 1 Eq-3 1 Ccu3 Firmware 2019-05-14 5.0
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated...
CVE-2019-9726 1 Eq-3 1 Ccu3 Firmware 2019-05-14 5.0
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to...