High severity7.3NVD Advisory· Published Oct 17, 2019· Updated Jun 17, 2026
CVE-2019-15849
CVE-2019-15849
Description
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- eQ-3/HomeMatic CCU3 firmwaredescription
- Range: 3.41.11
Patches
Vulnerability mechanics
References
2- noskill1337.github.io/homematic-ccu3-session-fixationnvdExploitMitigationThird Party Advisory
- www.eq-3.com/products/homematic.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.