CVE-2019-16199

Published: Sep 17, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.

Affected (2)

Products: Eq 3: Homematic Ccu2 Firmware, Homematic Ccu3 Firmware

Eq 3

2 products

Homematic Ccu2 Firmware

Homematic Ccu3 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Eq 3 Homematic Ccu2 Firmware	Before 2.47.18

Running on/with	Platform Versions
Eq 3 Homematic Ccu2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Eq 3 Homematic Ccu3 Firmware	Before 3.47.18

Running on/with	Platform Versions
Eq 3 Homematic Ccu3	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://psytester.github.io/CVE-2019-16199/

Source: cve@mitre.org

ExploitThird Party Advisory

https://psytester.github.io/CVE-2019-16199/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.