CVE-2019-14985

  • Published Date: Tue 13 Aug 2019
  • Last Modified Date: Wed 21 Aug 2019

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.

Impact

Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
Availability (A): PARTIAL

References (Advisories, Solutions, and Tools):



Note: This page is generated by our securitybot and has not been checked for errors. Feed Source: NVD