CVE-2018-7299

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
eq-3homematic_central_control_unit_ccu2_firmware
𝑥
≤ 2.29.22
𝑥
= Vulnerable software versions
References
http://atomic111.github.io/article/homematic-ccu2-untrusted_addon
http://atomic111.github.io/article/homematic-ccu2-untrusted_addon