Eq-3 Homematic_ccu2_firmware

14 CVEs affecting Eq-3 Homematic_ccu2_firmware. Latest disclosed: 2021-07-22. Critical: 10, High: 4.

Top CVEs affecting Eq-3 Homematic_ccu2_firmware
CVESeverityScorePublishedSummary
CVE-2021-33032Critical10.02021-07-22A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up…
CVE-2020-12834Critical9.82020-05-15eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthe…
CVE-2019-18939Critical9.82019-11-14eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with acces…
CVE-2019-18938Critical9.82019-11-14eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with acce…
CVE-2019-18937Critical9.82019-11-14eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with a…
CVE-2019-16199Critical9.82019-09-17eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTT…
CVE-2019-9585Critical9.82019-08-14eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in…
CVE-2019-9584Critical9.82019-08-14eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the…
CVE-2019-14985Critical9.82019-08-13eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because t…
CVE-2018-7300Critical9.82018-02-22Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote at…
CVE-2019-9583High8.22019-08-14eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for…
CVE-2019-14986High8.12019-08-13eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web int…
CVE-2019-14984High8.12019-08-13eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web int…
CVE-2019-9582High7.52019-08-14eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10…