Vulnerability Details CVE-2019-14473
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2019-14473
-
cpe:2.3:h:eq-3:ccu2:-
-
cpe:2.3:h:eq-3:ccu3:-
-
cpe:2.3:o:eq-3:ccu2_firmware:-
-
cpe:2.3:o:eq-3:ccu2_firmware:2.11.6
-
cpe:2.3:o:eq-3:ccu2_firmware:2.11.9
-
cpe:2.3:o:eq-3:ccu2_firmware:2.13.7
-
cpe:2.3:o:eq-3:ccu2_firmware:2.15.2
-
cpe:2.3:o:eq-3:ccu2_firmware:2.15.5
-
cpe:2.3:o:eq-3:ccu2_firmware:2.17.14
-
cpe:2.3:o:eq-3:ccu2_firmware:2.17.15
-
cpe:2.3:o:eq-3:ccu2_firmware:2.17.16
-
cpe:2.3:o:eq-3:ccu2_firmware:2.19.9
-
cpe:2.3:o:eq-3:ccu2_firmware:2.21.10
-
cpe:2.3:o:eq-3:ccu2_firmware:2.25.12
-
cpe:2.3:o:eq-3:ccu2_firmware:2.25.14
-
cpe:2.3:o:eq-3:ccu2_firmware:2.25.15
-
cpe:2.3:o:eq-3:ccu2_firmware:2.27.7
-
cpe:2.3:o:eq-3:ccu2_firmware:2.27.8
-
cpe:2.3:o:eq-3:ccu2_firmware:2.29.18
-
cpe:2.3:o:eq-3:ccu2_firmware:2.29.19
-
cpe:2.3:o:eq-3:ccu2_firmware:2.29.22
-
cpe:2.3:o:eq-3:ccu2_firmware:2.29.23
-
cpe:2.3:o:eq-3:ccu2_firmware:2.3.17
-
cpe:2.3:o:eq-3:ccu2_firmware:2.3.18
-
cpe:2.3:o:eq-3:ccu2_firmware:2.31.23
-
cpe:2.3:o:eq-3:ccu2_firmware:2.31.25
-
cpe:2.3:o:eq-3:ccu2_firmware:2.35.15
-
cpe:2.3:o:eq-3:ccu2_firmware:2.35.16
-
cpe:2.3:o:eq-3:ccu2_firmware:2.41.5
-
cpe:2.3:o:eq-3:ccu2_firmware:2.41.8
-
cpe:2.3:o:eq-3:ccu2_firmware:2.41.9
-
cpe:2.3:o:eq-3:ccu2_firmware:2.5.4
-
cpe:2.3:o:eq-3:ccu2_firmware:2.7.16
-
cpe:2.3:o:eq-3:ccu2_firmware:2.7.17
-
cpe:2.3:o:eq-3:ccu2_firmware:2.7.8
-
cpe:2.3:o:eq-3:ccu2_firmware:2.9.10
-
cpe:2.3:o:eq-3:ccu2_firmware:2.9.12
-
cpe:2.3:o:eq-3:ccu3_firmware:2.15.5
-
cpe:2.3:o:eq-3:ccu3_firmware:2.17.15
-
cpe:2.3:o:eq-3:ccu3_firmware:2.19.9
-
cpe:2.3:o:eq-3:ccu3_firmware:2.19.9-1
-
cpe:2.3:o:eq-3:ccu3_firmware:2.21.10
-
cpe:2.3:o:eq-3:ccu3_firmware:2.25.12
-
cpe:2.3:o:eq-3:ccu3_firmware:2.25.15
-
cpe:2.3:o:eq-3:ccu3_firmware:2.27.7
-
cpe:2.3:o:eq-3:ccu3_firmware:2.27.8
-
cpe:2.3:o:eq-3:ccu3_firmware:2.27.8-1
-
cpe:2.3:o:eq-3:ccu3_firmware:2.29.22
-
cpe:2.3:o:eq-3:ccu3_firmware:2.29.22-1
-
cpe:2.3:o:eq-3:ccu3_firmware:2.31.23
-
cpe:2.3:o:eq-3:ccu3_firmware:2.31.25
-
cpe:2.3:o:eq-3:ccu3_firmware:2.35.16
-
cpe:2.3:o:eq-3:ccu3_firmware:3.37.8
-
cpe:2.3:o:eq-3:ccu3_firmware:3.41.11
-
cpe:2.3:o:eq-3:ccu3_firmware:3.41.7
-
cpe:2.3:o:eq-3:ccu3_firmware:3.43.15
-
cpe:2.3:o:eq-3:ccu3_firmware:3.43.16