Skip to main content

Homematic Ccu3 Firmware

13 CVEs product

Monthly

CVE-2021-33032 CRITICAL POC THREAT Act Now

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
10.0
EPSS
52.2%
CVE-2019-18939 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Hm Print Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
40.8%
CVE-2019-18938 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Hm Email Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
33.8%
CVE-2019-18937 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Scriptparser Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
33.8%
CVE-2019-15850 HIGH POC THREAT This Week

eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu3 Firmware
NVD
CVSS 3.1
8.8
EPSS
15.6%
CVE-2019-15849 HIGH POC This Week

eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Homematic Ccu3 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2019-16199 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
13.1%
CVE-2019-9585 CRITICAL POC Act Now

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-9584 CRITICAL POC Act Now

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-9583 HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Homematic Ccu3 Firmware Homematic Ccu2 Firmware
NVD GitHub
CVSS 3.1
8.2
EPSS
1.9%
CVE-2019-14986 HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.0
8.1
EPSS
2.5%
CVE-2019-14985 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.0
9.8
EPSS
11.3%
CVE-2019-14984 HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.0
8.1
EPSS
5.8%
EPSS 52% CVSS 10.0
CRITICAL POC THREAT Act Now

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Homematic Ccu2 Firmware +1
NVD
EPSS 41% CVSS 9.8
CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Hm Print +2
NVD
EPSS 34% CVSS 9.8
CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Hm Email +2
NVD
EPSS 34% CVSS 9.8
CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Scriptparser +2
NVD
EPSS 16% CVSS 8.8
HIGH POC THREAT This Week

eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu3 Firmware
NVD
EPSS 1% CVSS 7.3
HIGH POC This Week

eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Homematic Ccu3 Firmware
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD GitHub
EPSS 2% CVSS 8.2
HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Homematic Ccu3 Firmware Homematic Ccu2 Firmware
NVD GitHub
EPSS 3% CVSS 8.1
HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware +1
NVD
EPSS 6% CVSS 8.1
HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy