Vulnerabilities > EQ 3 > Ccu2 Firmware > 2.35.16
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-17 | CVE-2019-14424 | Information Exposure vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request. | 4.0 |
2019-10-17 | CVE-2019-14423 | Code Injection vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request. | 9.0 |
2019-07-10 | CVE-2019-10122 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. | 7.5 |