Vulnerabilities > CVE-2018-7299 - Unspecified vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22

CVSS 8.0 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

eq-3

NVD

Published: 2018-02-22

Updated: 2019-10-03

Summary

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.

Vulnerable Configurations

Part	Description	Count
OS	Eq-3 EQ 3 Homematic Central Control Unit Ccu2 Firmware 2.29.22	1
Hardware	Eq-3 EQ 3 Homematic Central Control Unit Ccu2 -	1

References

http://atomic111.github.io/article/homematic-ccu2-untrusted_addon