Homematic Central Control Unit Ccu2 Firmware
CVE-2018-7299
HIGH
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.
AnalysisAI
Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device. Affected products include: Eq-3 Homematic Central Control Unit Ccu2 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. Rated critical severity (CVSS 9
In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are do
Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows
Share
External POC / Exploit Code
Leaving vuln.today