Vulnerability Details CVE-2019-9726
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.496
EPSS Ranking 97.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2019-9726
-
cpe:2.3:h:eq-3:ccu3:-
-
cpe:2.3:o:eq-3:ccu3_firmware:2.15.5
-
cpe:2.3:o:eq-3:ccu3_firmware:2.17.15
-
cpe:2.3:o:eq-3:ccu3_firmware:2.19.9
-
cpe:2.3:o:eq-3:ccu3_firmware:2.19.9-1
-
cpe:2.3:o:eq-3:ccu3_firmware:2.21.10
-
cpe:2.3:o:eq-3:ccu3_firmware:2.25.12
-
cpe:2.3:o:eq-3:ccu3_firmware:2.25.15
-
cpe:2.3:o:eq-3:ccu3_firmware:2.27.7
-
cpe:2.3:o:eq-3:ccu3_firmware:2.27.8
-
cpe:2.3:o:eq-3:ccu3_firmware:2.27.8-1
-
cpe:2.3:o:eq-3:ccu3_firmware:2.29.22
-
cpe:2.3:o:eq-3:ccu3_firmware:2.29.22-1
-
cpe:2.3:o:eq-3:ccu3_firmware:2.31.23
-
cpe:2.3:o:eq-3:ccu3_firmware:2.31.25
-
cpe:2.3:o:eq-3:ccu3_firmware:2.35.16
-
cpe:2.3:o:eq-3:ccu3_firmware:3.37.8
-
cpe:2.3:o:eq-3:ccu3_firmware:3.41.11
-
cpe:2.3:o:eq-3:ccu3_firmware:3.41.7
-
cpe:2.3:o:eq-3:ccu3_firmware:3.43.15