PT-2019-14575 · Eq 3 · Eq-3 Homematic Ccu2+1

Psytester

Published

2019-09-17

Updated

2020-08-24

CVE-2019-16199

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions eQ-3 Homematic CCU2 versions prior to 2.47.18 eQ-3 Homematic CCU3 versions prior to 3.47.18

Description The issue allows remote code execution by unauthenticated attackers with access to the web interface. This is achieved via an HTTP POST request to certain URLs related to the ReGa core process.

Recommendations For eQ-3 Homematic CCU2 versions prior to 2.47.18, update to version 2.47.18 or later. For eQ-3 Homematic CCU3 versions prior to 3.47.18, update to version 3.47.18 or later.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-16199

Affected Products

Eq-3 Homematic Ccu2

Eq-3 Homematic Ccu3

PT-2019-14575 · Eq 3 · Eq-3 Homematic Ccu2+1

CVE-2019-16199

Weakness Enumeration

Related Identifiers

Affected Products

References · 3