CVE-2019-16199

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
eq-3homematic_ccu2_firmware
𝑥
< 2.47.18
eq-3homematic_ccu3_firmware
𝑥
< 3.47.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://psytester.github.io/CVE-2019-16199/
https://psytester.github.io/CVE-2019-16199/