PT-2019-13717 · Eq 3 · Eq-3 Homematic Ccu2+1
Psytester
·
Publicado
2019-08-06
·
Atualizado
2020-08-24
·
CVE-2019-14473
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
eQ-3 Homematic CCU2 and CCU3 (affected versions not specified)
Description
The issue concerns a lack of authorization checks in the authentication process of eQ-3 Homematic CCU2 and CCU3, which use session IDs for authentication. This allows a user with a valid guest level or user level account to perform administrative actions, including creating new admin level accounts, reading service messages, clearing the system protocol, or modifying and deleting internal programs.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Eq-3 Homematic Ccu2
Eq-3 Homematic Ccu3