Vulnerabilities > EQ 3 > Homematic Ccu2 Firmware > 2.47.18

DATE CVE VULNERABILITY TITLE RISK
2021-07-22 CVE-2021-33032 OS Command Injection vulnerability in Eq-3 Homematic Ccu2 Firmware
A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system commands as root via a simple HTTP request.
network
low complexity
eq-3 CWE-78
critical
 10.0
10
2020-05-15 CVE-2020-12834 Incorrect Default Permissions vulnerability in Eq-3 Ccu3 Firmware and Homematic Ccu2 Firmware
eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset).
network
low complexity
eq-3 CWE-276
critical
 9.8
9.8