exploitDog

GHSA-qp96-5rrf-qmcp

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154.

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154.

Ссылки

EPSS

Процентиль: 40%

0.00183

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-384

Связанные уязвимости

CVE-2019-10120

CVSS3: 8.8

nvd

больше 6 лет назад

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154.

EPSS

Процентиль: 40%

0.00183

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-384