CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-7299

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.3%

CVSS Severity

CVSS v3 Score 8.0

CVSS v2 Score 5.2

References

http://atomic111.github.io/article/homematic-ccu2-untrusted_addon
http://atomic111.github.io/article/homematic-ccu2-untrusted_addon

Products affected by CVE-2018-7299

Eq-3 » Homematic Central Control Unit Ccu2 » Version: N/A

cpe:2.3:h:eq-3:homematic_central_control_unit_ccu2:-
Eq-3 » Homematic Central Control Unit Ccu2 Firmware » Version: 2.29.22

cpe:2.3:o:eq-3:homematic_central_control_unit_ccu2_firmware:2.29.22

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7299

Products

Pricing

Contact Us