CRITICAL🇵🇱 Wersja polska

CVE-2019-9584

CVSS 9.8v3.0pub. 2019-08-14upd. 2024-11-21

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Eq 3 Homematic Ccu2

    HW
    Eq-3
    wszystkie wersje
  • Eq 3 Homematic Ccu2 Firmware

    OS
    Eq-3
    ≤ 2.47.15
  • Eq 3 Homematic Ccu3

    HW
    Eq-3
    wszystkie wersje
  • Eq 3 Homematic Ccu3 Firmware

    OS
    Eq-3
    ≤ 3.47.15
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2021-33032CRITICAL10.0ten sam produkt

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to a...

CVE-2020-12834CRITICAL9.8ten sam produkt

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution ...

CVE-2019-18939CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code ...

CVE-2019-18938CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code...

CVE-2019-18937CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote C...