PT-2019-15727 · Eq 3 · Eq-3 Homematic Hm-Print Addon+2

Psytester

·

Publicado

2019-11-14

·

Atualizado

2021-07-21

·

CVE-2019-18939

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions eQ-3 Homematic CCU2 version 2.47.20 eQ-3 Homematic CCU3 version 3.47.18 eQ-3 Homematic HM-Print AddOn versions through 1.2a
Description The issue allows remote code execution by unauthenticated attackers with access to the web interface. This is achieved via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request.
Recommendations For eQ-3 Homematic CCU2 version 2.47.20, update to a version that fixes the remote code execution issue. For eQ-3 Homematic CCU3 version 3.47.18, update to a version that fixes the remote code execution issue. For eQ-3 Homematic HM-Print AddOn versions through 1.2a, update to a version that fixes the remote code execution issue. As a temporary workaround, consider restricting access to the exec.cgi and exec1.cgi scripts to minimize the risk of exploitation.

Exploit

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306

Identificadores relacionados

CVE-2019-18939

Produtos afetados

Eq-3 Homematic Ccu2
Eq-3 Homematic Ccu3
Eq-3 Homematic Hm-Print Addon