Vulnerabilities > EQ 3 > Homematic Central Control Unit Ccu2 Firmware > High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-22	CVE-2018-7299	Unspecified vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22 Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device. low complexity eq-3	8.0
2018-02-22	CVE-2018-7298	Cleartext Transmission of Sensitive Information vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22 In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. network high complexity eq-3 CWE-319	8.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.