Vulnerability in N/a

CVE-2021-33032

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execu…

EPSS: 0.502 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

References

novag.github.io/posts/homematic-unauthenticated-remote-code-execution/ (x_refsource_MISC)
www.eq-3.de/downloads/software/HM-CCU2-Firmware_Updates/HM-CCU-2.59.7/HM-CCU2-C… (x_refsource_MISC)
www.eq-3.de/downloads/software/firmware/ccu3-firmware/CCU3-Changelog.3.59.6.pdf (x_refsource_MISC)