CVE-2019-14986

Name of the Vulnerable Software and Affected Versions eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn versions prior to 2.3.0

Description The issue allows administrative operations to be performed by unauthenticated attackers who have access to the web interface. This is because certain features, such as the File-Browser and Shell Command, as well as the ability to "Set root password", are exposed.

Recommendations For eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.