PT-2019-13912 · Eq 3 · Cuxd Addon+2
Psytester
·
Publicado
2019-08-13
·
Atualizado
2020-08-24
·
CVE-2019-14985
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed
Description
The issue allows for Remote Code Execution by unauthenticated attackers who have access to the web interface. This is possible because the web interface can access the CMD EXEC virtual device type 28.
Recommendations
For eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed, consider restricting access to the web interface to prevent unauthenticated attackers from exploiting this issue. As a temporary workaround, limit access to the CMD EXEC virtual device type 28 until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cuxd Addon
Eq-3 Homematic Ccu2
Eq-3 Homematic Ccu3