Vulnerabilities > CVE-2019-14986 - Unspecified vulnerability in Eq-3 Homematic Ccu2 Firmware and Homematic Ccu3 Firmware

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

eq-3

NVD

Published: 2019-08-13

Updated: 2020-08-24

Summary

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed.

Vulnerable Configurations

Part	Description	Count
OS	Eq-3 EQ 3 Homematic Ccu2 Firmware - EQ 3 Homematic Ccu2 Firmware 1.2.0 EQ 3 Homematic Ccu3 Firmware - EQ 3 Homematic Ccu3 Firmware 1.2.0	4
Hardware	Eq-3 EQ 3 Homematic Ccu2 - EQ 3 Homematic Ccu3 -	2

References

https://psytester.github.io/CVE-2019-14986/