Eq-3 Homematic Ccu2 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Eq-3 Homematic Ccu2 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2021-33032 — CVSS 10.0 (critical): A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5…
CVE-2019-14985 — CVSS 9.8 (critical): eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web…
CVE-2019-18939 — CVSS 9.8 (critical): eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated…
CVE-2018-7300 — CVSS 9.8 (critical): Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and…
CVE-2019-9584 — CVSS 9.8 (critical): eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile…
CVE-2019-9585 — CVSS 9.8 (critical): eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related…
CVE-2020-12834 — CVSS 9.8 (critical): eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method…
CVE-2019-16199 — CVSS 9.8 (critical): eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web…
CVE-2019-18937 — CVSS 9.8 (critical): eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by…
CVE-2019-18938 — CVSS 9.8 (critical): eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated…
CVE-2019-9583 — CVSS 8.2 (high): eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks…
CVE-2019-14986 — CVSS 8.1 (high): eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with…
CVE-2019-14984 — CVSS 8.1 (high): eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with…