CVE-2019-10121

Name of the Vulnerable Software and Affected Versions: eQ-3 HomeMatic CCU2 versions prior to 2.41.8 eQ-3 HomeMatic CCU3 versions prior to 3.43.15

Description: The issue allows an attacker to bypass authentication and automatically log in as an admin by exploiting the lack of authorization checks in the session ID-based authentication mechanism. This can be achieved by obtaining a session ID through the user authentication dialogue.

Recommendations: For eQ-3 HomeMatic CCU2 versions prior to 2.41.8, update to version 2.41.8 or later to resolve the issue. For eQ-3 HomeMatic CCU3 versions prior to 3.43.15, update to version 3.43.15 or later to resolve the issue.