Vulnerability Details CVE-2019-14424
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2019-14424
-
cpe:2.3:a:eq-3:cux-daemon:1.11a
-
cpe:2.3:a:eq-3:cux-daemon:1.12
-
cpe:2.3:a:eq-3:cux-daemon:2.0.0
-
cpe:2.3:a:eq-3:cux-daemon:2.1.0
-
cpe:2.3:a:eq-3:cux-daemon:2.2.0
-
cpe:2.3:h:eq-3:ccu2:-
-
cpe:2.3:o:eq-3:ccu2_firmware:2.35.16
-
cpe:2.3:o:eq-3:ccu2_firmware:2.41.5
-
cpe:2.3:o:eq-3:ccu2_firmware:2.41.8
-
cpe:2.3:o:eq-3:ccu2_firmware:2.41.9