eQ-3 AG · Homematic CCU3 · CVE-2019-9727
**Name of the Vulnerable Software and Affected Versions**
eQ-3 AG Homematic CCU3 versions 3.43.15 and earlier
**Description**
The issue allows unauthenticated remote attackers to obtain the password hashes of GUI users through the User.getUserPWD method. It can be exploited by attackers who have access to the web interface.
**Recommendations**
For versions 3.43.15 and earlier, update to a version that fixes this issue to prevent unauthenticated password hash disclosure. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.