Eq 3
eq-3
32 CVEs • 11 products
Products (11)
CVEs (32)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution. | Eq 3 | Ccu2 Firmware, Ccu3 Firmware | Nov 21, 2024 | Jul 10, 2019 | N/A (v4) · 9.8 CRITICAL (v3) · 7.5 HIGH (v2) |
| eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HM... | Eq 3 | Ccu2 Firmware, Ccu3 Firmware | Nov 21, 2024 | Jul 10, 2019 | N/A (v4) · 9.8 CRITICAL (v3) · 7.5 HIGH (v2) |
| On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154. | Eq 3 | Ccu2 Firmware, Ccu3 Firmware | Nov 21, 2024 | Jul 10, 2019 | N/A (v4) · 8.8 HIGH (v3) · 6.5 MEDIUM (v2) |
| eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteAp... | Eq 3 | Ccu2 Firmware, Ccu3 Firmware | Nov 21, 2024 | Jul 10, 2019 | N/A (v4) · 9.8 CRITICAL (v3) · 7.5 HIGH (v2) |
| Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exp... | | | | | |
| Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated a... | | | | | |
| eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices. | Eq 3 | Homematic Central Control Unit Ccu2 Firmware | Nov 21, 2024 | Feb 22, 2018 | N/A (v4) · 9.8 CRITICAL (v3) · 7.5 HIGH (v2) |
| Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem.... | Eq 3 | Homematic Ccu2 Firmware | Nov 21, 2024 | Feb 22, 2018 | N/A (v4) · 9.8 CRITICAL (v3) · 10.0 HIGH (v2) |
| Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device. | Eq 3 | Homematic Central Control Unit Ccu2 Firmware | Nov 21, 2024 | Feb 22, 2018 | N/A (v4) · 8.0 HIGH (v3) · 5.2 MEDIUM (v2) |
| In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloade... | Eq 3 | Homematic Central Control Unit Ccu2 Firmware | Nov 21, 2024 | Feb 22, 2018 | N/A (v4) · 8.1 HIGH (v3) · 9.3 HIGH (v2) |
| Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be ex... | Eq 3 | Homematic Central Control Unit Ccu2 Firmware | Nov 21, 2024 | Feb 22, 2018 | N/A (v4) · 9.8 CRITICAL (v3) · 10.0 HIGH (v2) |
| Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnera... | Eq 3 | Homematic Central Control Unit Ccu2 Firmware | Nov 21, 2024 | Feb 22, 2018 | N/A (v4) · 5.3 MEDIUM (v3) · 5.0 MEDIUM (v2) |