Eq-3 Homematic_ccu3_firmware
13 CVEs affecting Eq-3 Homematic_ccu3_firmware. Latest disclosed: 2021-07-22. Critical: 8, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-33032 | Critical | 10.0 | 2021-07-22 | A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up… |
CVE-2019-18939 | Critical | 9.8 | 2019-11-14 | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with acces… |
CVE-2019-18938 | Critical | 9.8 | 2019-11-14 | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with acce… |
CVE-2019-18937 | Critical | 9.8 | 2019-11-14 | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with a… |
CVE-2019-16199 | Critical | 9.8 | 2019-09-17 | eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTT… |
CVE-2019-9585 | Critical | 9.8 | 2019-08-14 | eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in… |
CVE-2019-9584 | Critical | 9.8 | 2019-08-14 | eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the… |
CVE-2019-14985 | Critical | 9.8 | 2019-08-13 | eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because t… |
CVE-2019-15850 | High | 8.8 | 2019-10-17 | eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and c… |
CVE-2019-9583 | High | 8.2 | 2019-08-14 | eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for… |
CVE-2019-14986 | High | 8.1 | 2019-08-13 | eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web int… |
CVE-2019-14984 | High | 8.1 | 2019-08-13 | eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web int… |
CVE-2019-15849 | High | 7.3 | 2019-10-17 | eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the s… |