ID CVE-2018-7297
Summary Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
References
Vulnerable Configurations
  • cpe:2.3:o:eq-3:homematic_central_control_unit_ccu2_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:eq-3:homematic_central_control_unit_ccu2_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:eq-3:homematic_central_control_unit_ccu2:-:*:*:*:*:*:*:*
    cpe:2.3:h:eq-3:homematic_central_control_unit_ccu2:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
exploit-db 44368
misc http://atomic111.github.io/article/homematic-ccu2-remote-code-execution
vulnerable_product via4 cpe:2.3:o:eq-3:homematic_central_control_unit_ccu2_firmware:*:*:*:*:*:*:*:*
Last major update 03-10-2019 - 00:03
Published 22-02-2018 - 19:29
Back to Top