Vulnerability Details CVE-2019-14423
A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.102
EPSS Ranking 92.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2019-14423
-
cpe:2.3:a:eq-3:cux-daemon:1.11a
-
cpe:2.3:a:eq-3:cux-daemon:1.12
-
cpe:2.3:a:eq-3:cux-daemon:2.0.0
-
cpe:2.3:a:eq-3:cux-daemon:2.1.0
-
cpe:2.3:a:eq-3:cux-daemon:2.2.0
-
cpe:2.3:h:eq-3:ccu2:-
-
cpe:2.3:o:eq-3:ccu2_firmware:2.35.16
-
cpe:2.3:o:eq-3:ccu2_firmware:2.41.5
-
cpe:2.3:o:eq-3:ccu2_firmware:2.41.8
-
cpe:2.3:o:eq-3:ccu2_firmware:2.41.9