PT-2019-13913 · Eq 3 · Cuxd Addon+2

Psytester

Published

2019-08-13

Updated

2020-08-24

CVE-2019-14986

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn versions prior to 2.3.0

Description The issue allows administrative operations to be performed by unauthenticated attackers who have access to the web interface. This is because certain features, such as the File-Browser and Shell Command, as well as the ability to "Set root password", are exposed.

Recommendations For eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-14986

Affected Products

Cuxd Addon

Eq-3 Homematic Ccu2

Eq-3 Homematic Ccu3

PT-2019-13913 · Eq 3 · Cuxd Addon+2

CVE-2019-14986

Related Identifiers

Affected Products

References · 3