Vulnerabilities > EQ 3 > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-10 | CVE-2019-10121 | Missing Authentication for Critical Function vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. | 9.8 |
| 2019-07-10 | CVE-2019-10119 | Missing Authentication for Critical Function vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. | 9.8 |
| 2018-02-22 | CVE-2018-7301 | Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22 eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. | 9.8 |
| 2018-02-22 | CVE-2018-7300 | Path Traversal vulnerability in Eq-3 Homematic Ccu2 Firmware Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. | 9.8 |
| 2018-02-22 | CVE-2018-7297 | Unspecified vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22 Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. | 9.8 |