CRITICAL✓ PATCH🇬🇧 English

CVE-2021-33032

CVSS 10.0v3.1pub. 2021-07-22upd. 2024-11-21

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system commands as root via a simple HTTP request.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Eq 3 Homematic Ccu2

    HW
    Eq-3
    wszystkie wersje
  • Eq 3 Homematic Ccu2 Firmware

    OS
    Eq-3
    ≤ 2.57.5
  • Eq 3 Homematic Ccu3

    HW
    Eq-3
    wszystkie wersje
  • Eq 3 Homematic Ccu3 Firmware

    OS
    Eq-3
    ≤ 3.57.5
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEAuth BypassCommand Injection
CWE
Referencje

Powiązane podatności

CVE-2020-12834CRITICAL9.8ten sam produkt

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution ...

CVE-2019-18939CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code ...

CVE-2019-18937CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote C...

CVE-2019-18938CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code...

CVE-2019-16199CRITICAL9.8ten sam produkt

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated atta...