CRITICAL🇬🇧 English

CVE-2019-18938

CVSS 9.8v3.1pub. 2019-11-14upd. 2024-11-21

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Eq 3 Homematic Ccu2

    HW
    Eq-3
    wszystkie wersje
  • Eq 3 Homematic Ccu2 Firmware

    OS
    Eq-3
    2.24.20
  • Eq 3 Homematic Ccu3

    HW
    Eq-3
    wszystkie wersje
  • Eq 3 Homematic Ccu3 Firmware

    OS
    Eq-3
    3.47.18
  • Hm Email Project Hm Email

    APP
    Hm Email Project
    1.6.01.6.21.6.31.6.41.6.51.6.61.6.71.6.7a1.6.7b1.6.7c1.6.81.6.8a1.6.8b1.6.8c
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2021-33032CRITICAL10.0ten sam produkt

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to a...

CVE-2020-12834CRITICAL9.8ten sam produkt

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution ...

CVE-2019-18937CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote C...

CVE-2019-18939CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code ...

CVE-2019-16199CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated atta...