CVE-2019-14474

Published: Aug 7, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid guest/user/admin account can start this attack too.

Affected (1)

Products: Eq 3: Ccu3 Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Eq 3 Ccu3 Firmware	Up to 3.47.15

Running on/with	Platform Versions
Eq 3 Ccu3	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://psytester.github.io/CVE-2019-14474

Source: cve@mitre.org

ExploitThird Party Advisory

https://psytester.github.io/CVE-2019-14474

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.