CVE-2019-9585

Опубликовано: 14 авг. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.

Ссылки

https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9585.md
Exploit
Third Party Advisory
https://psytester.github.io/CVE-2019-9585/
Exploit
Third Party Advisory
https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9585.md
Exploit
Third Party Advisory
https://psytester.github.io/CVE-2019-9585/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:eq-3:homematic_ccu2_firmware:*:*:*:*:*:*:*:*

Версия до 2.47.10 (исключая)

cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:eq-3:homematic_ccu3_firmware:*:*:*:*:*:*:*:*

Версия до 3.47.10 (исключая)

cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00448

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-77v8-h56j-2fvw