CVE-2019-15850 - Input Validation vulnerability in EQ 3 Homematic Ccu3 Firmware 3.41.11

Publication

2019-10-17

Last modification

2019-10-21

Summary

eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system.

Classification

CWE-20 - Input Validation

Risk level (CVSS AV:N/AC:L/Au:S/C:C/I:C/A:C)

High

9.0

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • Single

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

Affected Products

Vendor | Product | Versions
EQ 3 | Homematic Ccu3 Firmware | 3.41.11