CVE-2019-14474

Name of the Vulnerable Software and Affected Versions eQ-3 Homematic CCU3 versions 3.47.15 and prior

Description The issue is related to Improper Input Validation in the Call() function of the ReGa core logic process. This can lead to a Denial of Service. Additionally, due to Improper Authorization, an attacker can exploit this issue by obtaining a session ID or using a valid guest, user, or admin account.

Recommendations For versions 3.47.15 and prior, consider disabling the Call() function of the ReGa core logic process as a temporary workaround to prevent potential Denial of Service attacks. Restrict access to valid guest, user, and admin accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.