CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-24578

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.636

EPSS Ranking 98.4%

CVSS Severity

CVSS v3 Score 10.0

References

Products affected by CVE-2024-24578

Raspberrymatic » Raspberrymatic » Version: 2.15.5.20151101

cpe:2.3:o:raspberrymatic:raspberrymatic:2.15.5.20151101
Raspberrymatic » Raspberrymatic » Version: 2.21.10.20160821

cpe:2.3:o:raspberrymatic:raspberrymatic:2.21.10.20160821
Raspberrymatic » Raspberrymatic » Version: 2.25.15.20161220

cpe:2.3:o:raspberrymatic:raspberrymatic:2.25.15.20161220
Raspberrymatic » Raspberrymatic » Version: 2.25.15.20170114

cpe:2.3:o:raspberrymatic:raspberrymatic:2.25.15.20170114
Raspberrymatic » Raspberrymatic » Version: 2.27.7.20170316

cpe:2.3:o:raspberrymatic:raspberrymatic:2.27.7.20170316
Raspberrymatic » Raspberrymatic » Version: 2.27.8.20170410

cpe:2.3:o:raspberrymatic:raspberrymatic:2.27.8.20170410
Raspberrymatic » Raspberrymatic » Version: 2.27.8.20170413

cpe:2.3:o:raspberrymatic:raspberrymatic:2.27.8.20170413
Raspberrymatic » Raspberrymatic » Version: 2.27.8.20170501

cpe:2.3:o:raspberrymatic:raspberrymatic:2.27.8.20170501
Raspberrymatic » Raspberrymatic » Version: 2.27.8.20170615

cpe:2.3:o:raspberrymatic:raspberrymatic:2.27.8.20170615
Raspberrymatic » Raspberrymatic » Version: 2.27.8.20170620

cpe:2.3:o:raspberrymatic:raspberrymatic:2.27.8.20170620
Raspberrymatic » Raspberrymatic » Version: 2.29.18.20170731

cpe:2.3:o:raspberrymatic:raspberrymatic:2.29.18.20170731
Raspberrymatic » Raspberrymatic » Version: 2.29.22.20170902

cpe:2.3:o:raspberrymatic:raspberrymatic:2.29.22.20170902
Raspberrymatic » Raspberrymatic » Version: 2.29.22.20171007

cpe:2.3:o:raspberrymatic:raspberrymatic:2.29.22.20171007
Raspberrymatic » Raspberrymatic » Version: 2.29.23.20171022

cpe:2.3:o:raspberrymatic:raspberrymatic:2.29.23.20171022
Raspberrymatic » Raspberrymatic » Version: 2.29.23.20171118

cpe:2.3:o:raspberrymatic:raspberrymatic:2.29.23.20171118
Raspberrymatic » Raspberrymatic » Version: 2.29.23.20171216

cpe:2.3:o:raspberrymatic:raspberrymatic:2.29.23.20171216
Raspberrymatic » Raspberrymatic » Version: 2.31.25.20180120

cpe:2.3:o:raspberrymatic:raspberrymatic:2.31.25.20180120
Raspberrymatic » Raspberrymatic » Version: 2.31.25.20180225

cpe:2.3:o:raspberrymatic:raspberrymatic:2.31.25.20180225
Raspberrymatic » Raspberrymatic » Version: 2.31.25.20180324

cpe:2.3:o:raspberrymatic:raspberrymatic:2.31.25.20180324
Raspberrymatic » Raspberrymatic » Version: 2.31.25.20180428

cpe:2.3:o:raspberrymatic:raspberrymatic:2.31.25.20180428
Raspberrymatic » Raspberrymatic » Version: 2.31.25.20180526

cpe:2.3:o:raspberrymatic:raspberrymatic:2.31.25.20180526
Raspberrymatic » Raspberrymatic » Version: 2.31.25.20180625

cpe:2.3:o:raspberrymatic:raspberrymatic:2.31.25.20180625
Raspberrymatic » Raspberrymatic » Version: 2.35.16.20180708

cpe:2.3:o:raspberrymatic:raspberrymatic:2.35.16.20180708
Raspberrymatic » Raspberrymatic » Version: 2.35.16.20180715

cpe:2.3:o:raspberrymatic:raspberrymatic:2.35.16.20180715
Raspberrymatic » Raspberrymatic » Version: 2.35.16.20180826

cpe:2.3:o:raspberrymatic:raspberrymatic:2.35.16.20180826
Raspberrymatic » Raspberrymatic » Version: 3.37.8.20180922

cpe:2.3:o:raspberrymatic:raspberrymatic:3.37.8.20180922
Raspberrymatic » Raspberrymatic » Version: 3.37.8.20180929

cpe:2.3:o:raspberrymatic:raspberrymatic:3.37.8.20180929
Raspberrymatic » Raspberrymatic » Version: 3.37.8.20181026

cpe:2.3:o:raspberrymatic:raspberrymatic:3.37.8.20181026
Raspberrymatic » Raspberrymatic » Version: 3.41.11.20181124

cpe:2.3:o:raspberrymatic:raspberrymatic:3.41.11.20181124
Raspberrymatic » Raspberrymatic » Version: 3.41.11.20181126

cpe:2.3:o:raspberrymatic:raspberrymatic:3.41.11.20181126
Raspberrymatic » Raspberrymatic » Version: 3.41.11.20181222

cpe:2.3:o:raspberrymatic:raspberrymatic:3.41.11.20181222
Raspberrymatic » Raspberrymatic » Version: 3.41.11.20190126

cpe:2.3:o:raspberrymatic:raspberrymatic:3.41.11.20190126
Raspberrymatic » Raspberrymatic » Version: 3.43.15.20190223

cpe:2.3:o:raspberrymatic:raspberrymatic:3.43.15.20190223
Raspberrymatic » Raspberrymatic » Version: 3.45.5.20190330

cpe:2.3:o:raspberrymatic:raspberrymatic:3.45.5.20190330
Raspberrymatic » Raspberrymatic » Version: 3.45.7.20190504

cpe:2.3:o:raspberrymatic:raspberrymatic:3.45.7.20190504
Raspberrymatic » Raspberrymatic » Version: 3.45.7.20190511

cpe:2.3:o:raspberrymatic:raspberrymatic:3.45.7.20190511
Raspberrymatic » Raspberrymatic » Version: 3.45.7.20190622

cpe:2.3:o:raspberrymatic:raspberrymatic:3.45.7.20190622
Raspberrymatic » Raspberrymatic » Version: 3.47.10.20190713

cpe:2.3:o:raspberrymatic:raspberrymatic:3.47.10.20190713
Raspberrymatic » Raspberrymatic » Version: 3.47.15.20190831

cpe:2.3:o:raspberrymatic:raspberrymatic:3.47.15.20190831
Raspberrymatic » Raspberrymatic » Version: 3.47.18.20190918

cpe:2.3:o:raspberrymatic:raspberrymatic:3.47.18.20190918
Raspberrymatic » Raspberrymatic » Version: 3.47.22.20191026

cpe:2.3:o:raspberrymatic:raspberrymatic:3.47.22.20191026
Raspberrymatic » Raspberrymatic » Version: 3.47.22.20191130

cpe:2.3:o:raspberrymatic:raspberrymatic:3.47.22.20191130
Raspberrymatic » Raspberrymatic » Version: 3.49.17.20191225

cpe:2.3:o:raspberrymatic:raspberrymatic:3.49.17.20191225
Raspberrymatic » Raspberrymatic » Version: 3.49.17.20200131

cpe:2.3:o:raspberrymatic:raspberrymatic:3.49.17.20200131
Raspberrymatic » Raspberrymatic » Version: 3.51.6.20200229

cpe:2.3:o:raspberrymatic:raspberrymatic:3.51.6.20200229
Raspberrymatic » Raspberrymatic » Version: 3.51.6.20200420

cpe:2.3:o:raspberrymatic:raspberrymatic:3.51.6.20200420
Raspberrymatic » Raspberrymatic » Version: 3.51.6.20200613

cpe:2.3:o:raspberrymatic:raspberrymatic:3.51.6.20200613
Raspberrymatic » Raspberrymatic » Version: 3.51.6.20200621

cpe:2.3:o:raspberrymatic:raspberrymatic:3.51.6.20200621
Raspberrymatic » Raspberrymatic » Version: 3.53.30.20200919

cpe:2.3:o:raspberrymatic:raspberrymatic:3.53.30.20200919
Raspberrymatic » Raspberrymatic » Version: 3.53.30.20201024

cpe:2.3:o:raspberrymatic:raspberrymatic:3.53.30.20201024
Raspberrymatic » Raspberrymatic » Version: 3.53.34.20201121

cpe:2.3:o:raspberrymatic:raspberrymatic:3.53.34.20201121
Raspberrymatic » Raspberrymatic » Version: 3.55.10.20210213

cpe:2.3:o:raspberrymatic:raspberrymatic:3.55.10.20210213
Raspberrymatic » Raspberrymatic » Version: 3.55.5.20201226

cpe:2.3:o:raspberrymatic:raspberrymatic:3.55.5.20201226
Raspberrymatic » Raspberrymatic » Version: 3.57.4.20210320

cpe:2.3:o:raspberrymatic:raspberrymatic:3.57.4.20210320
Raspberrymatic » Raspberrymatic » Version: 3.57.5.20210424

cpe:2.3:o:raspberrymatic:raspberrymatic:3.57.5.20210424
Raspberrymatic » Raspberrymatic » Version: 3.57.5.20210525

cpe:2.3:o:raspberrymatic:raspberrymatic:3.57.5.20210525
Raspberrymatic » Raspberrymatic » Version: 3.59.6.20210703

cpe:2.3:o:raspberrymatic:raspberrymatic:3.59.6.20210703
Raspberrymatic » Raspberrymatic » Version: 3.59.6.20210807

cpe:2.3:o:raspberrymatic:raspberrymatic:3.59.6.20210807
Raspberrymatic » Raspberrymatic » Version: 3.59.6.20210911

cpe:2.3:o:raspberrymatic:raspberrymatic:3.59.6.20210911
Raspberrymatic » Raspberrymatic » Version: 3.59.6.20211009

cpe:2.3:o:raspberrymatic:raspberrymatic:3.59.6.20211009
Raspberrymatic » Raspberrymatic » Version: 3.61.5.20211113

cpe:2.3:o:raspberrymatic:raspberrymatic:3.61.5.20211113
Raspberrymatic » Raspberrymatic » Version: 3.61.7.20211218

cpe:2.3:o:raspberrymatic:raspberrymatic:3.61.7.20211218
Raspberrymatic » Raspberrymatic » Version: 3.61.7.20220115

cpe:2.3:o:raspberrymatic:raspberrymatic:3.61.7.20220115
Raspberrymatic » Raspberrymatic » Version: 3.61.7.20220226

cpe:2.3:o:raspberrymatic:raspberrymatic:3.61.7.20220226
Raspberrymatic » Raspberrymatic » Version: 3.63.8.20220330

cpe:2.3:o:raspberrymatic:raspberrymatic:3.63.8.20220330

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-24578

Products

Pricing

Contact Us