CVE-2019-9583
8.2
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Exploitability: 3.9 / Impact: 4.2
Source: NVD
Description
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15.
Affected (16)
Products: Eq 3: Homematic Ccu3 Firmware, Homematic Ccu2 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.41.11 |
| Running on/with | Platform Versions |
|---|---|
Eq 3 Homematic Ccu3 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Eq 3 Homematic Ccu2 | All versions |
References (4)
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.