Vulnerabilities for 'Ccu2 firmware'

2019-08-14
 
CVE-2019-9583

CWE-400
 

 
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15.

 
2019-08-06
 
CVE-2019-14473

CWE-285
 

 
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc.

 
2019-08-05
 
CVE-2019-14475

CWE-285
 

 
eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs.

 

Vendor: EQ-3 (5 products)
Homematic central control unit ccu2 firmware
Ccu3 firmware
Ccu2 firmware
Homematic ccu2 firmware
Homematic ccu3 firmware


Copyright 2019, cxsecurity.com

 
