CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7300

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.13

EPSS Ranking 93.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

Products affected by CVE-2018-7300

Eq-3 » Homematic Ccu2 » Version: N/A

cpe:2.3:h:eq-3:homematic_ccu2:-
Eq-3 » Homematic Ccu2 Firmware » Version: N/A

cpe:2.3:o:eq-3:homematic_ccu2_firmware:-
Eq-3 » Homematic Ccu2 Firmware » Version: 1.2.0

cpe:2.3:o:eq-3:homematic_ccu2_firmware:1.2.0
Eq-3 » Homematic Ccu2 Firmware » Version: 2.11.6

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.11.6
Eq-3 » Homematic Ccu2 Firmware » Version: 2.11.9

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.11.9
Eq-3 » Homematic Ccu2 Firmware » Version: 2.13.7

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.13.7
Eq-3 » Homematic Ccu2 Firmware » Version: 2.15.2

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.15.2
Eq-3 » Homematic Ccu2 Firmware » Version: 2.15.5

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.15.5
Eq-3 » Homematic Ccu2 Firmware » Version: 2.17.14

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.17.14
Eq-3 » Homematic Ccu2 Firmware » Version: 2.17.15

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.17.15
Eq-3 » Homematic Ccu2 Firmware » Version: 2.17.16

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.17.16
Eq-3 » Homematic Ccu2 Firmware » Version: 2.19.9

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.19.9
Eq-3 » Homematic Ccu2 Firmware » Version: 2.21.10

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.21.10
Eq-3 » Homematic Ccu2 Firmware » Version: 2.24.20

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20
Eq-3 » Homematic Ccu2 Firmware » Version: 2.25.12

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.25.12
Eq-3 » Homematic Ccu2 Firmware » Version: 2.25.14

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.25.14
Eq-3 » Homematic Ccu2 Firmware » Version: 2.25.15

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.25.15
Eq-3 » Homematic Ccu2 Firmware » Version: 2.27.7

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.27.7
Eq-3 » Homematic Ccu2 Firmware » Version: 2.27.8

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.27.8
Eq-3 » Homematic Ccu2 Firmware » Version: 2.29.18

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.29.18
Eq-3 » Homematic Ccu2 Firmware » Version: 2.3.0

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.3.0
Eq-3 » Homematic Ccu2 Firmware » Version: 2.3.17

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.3.17
Eq-3 » Homematic Ccu2 Firmware » Version: 2.3.18

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.3.18
Eq-3 » Homematic Ccu2 Firmware » Version: 2.5.4

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.5.4
Eq-3 » Homematic Ccu2 Firmware » Version: 2.7.16

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.7.16
Eq-3 » Homematic Ccu2 Firmware » Version: 2.7.17

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.7.17
Eq-3 » Homematic Ccu2 Firmware » Version: 2.7.8

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.7.8
Eq-3 » Homematic Ccu2 Firmware » Version: 2.9.10

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.9.10
Eq-3 » Homematic Ccu2 Firmware » Version: 2.9.12

cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.9.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7300

Products

Pricing

Contact Us