Vulnerabilities > CVE-2018-7299 - Unspecified vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware

CVSS 5.2 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

low complexity

eq-3

NVD

Published: 2018-02-22

Updated: 2019-10-03

Summary

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.

Vulnerable Configurations

Part	Description	Count
OS	Eq-3 EQ 3 Homematic Central Control Unit Ccu2 Firmware *	1
Hardware	Eq-3 EQ 3 Homematic Central Control Unit Ccu2 -	1

References

http://atomic111.github.io/article/homematic-ccu2-untrusted_addon