Описание
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.4.5 (исключая)
cpe:2.3:a:mediola:neo_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00349
Низкий
8.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-425
Связанные уязвимости
github
больше 3 лет назад
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.
EPSS
Процентиль: 57%
0.00349
Низкий
8.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-425