VYPR

Homematic CCU-Firmware

by eQ-3

CVEs (3)

  • CVE-2021-33032CriJul 22, 2021
    risk 0.69cvss 10.0epss 0.52

    A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system commands as root via a simple…

  • CVE-2019-14423HigOct 17, 2019
    risk 0.59cvss 8.8epss 0.20

    A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.

  • CVE-2019-14424MedOct 17, 2019
    risk 0.42cvss 6.5epss 0.01

    A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request.