Vulnerabilities > EQ 3 > Ccu2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-06 | CVE-2019-14473 | Missing Authorization vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. | 6.5 |
| 2019-08-05 | CVE-2019-14475 | Missing Authorization vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. | 5.0 |
| 2019-07-10 | CVE-2019-10121 | Missing Authentication for Critical Function vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. | 7.5 |
| 2019-07-10 | CVE-2019-10120 | Session Fixation vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154. | 6.5 |
| 2019-07-10 | CVE-2019-10119 | Missing Authentication for Critical Function vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. | 7.5 |