Skip to main content

Homematic Central Control Unit Ccu2 Firmware

5 CVEs product

Monthly

CVE-2018-7301 CRITICAL Act Now

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-7299 HIGH This Week

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
8.0
EPSS
1.1%
CVE-2018-7298 HIGH This Week

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-7297 CRITICAL POC THREAT Act Now

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Homematic Central Control Unit Ccu2 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
64.8%
CVE-2018-7296 MEDIUM This Month

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
5.3
EPSS
1.9%
EPSS 1% CVSS 9.8
CRITICAL Act Now

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Homematic Central Control Unit Ccu2 Firmware
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Homematic Central Control Unit Ccu2 Firmware
NVD
EPSS 1% CVSS 8.1
HIGH This Week

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Homematic Central Control Unit Ccu2 Firmware
NVD
EPSS 65% CVSS 9.8
CRITICAL POC THREAT Act Now

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Homematic Central Control Unit Ccu2 Firmware
NVD Exploit-DB
EPSS 2% CVSS 5.3
MEDIUM This Month

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Homematic Central Control Unit Ccu2 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy