CVE-2018-7297

Name of the Vulnerable Software and Affected Versions eQ-3 AG Homematic CCU2 versions 2.29.2 and earlier

Description The issue is related to a Remote Code Execution vulnerability in the TCL script interpreter. This allows remote attackers to obtain read/write access and execute system commands on the device. The vulnerability can be exploited by unauthenticated attackers with access to the web interface. It is associated with shortcomings in the security mechanisms of the TCL script interpreter, enabling remote attackers to read and write arbitrary files and execute system commands on the device using the web interface.

Recommendations For versions 2.29.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.