Описание
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.43.15 (включая)
Одновременно
cpe:2.3:o:eq-3:ccu3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:eq-3:ccu3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00372
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
EPSS
Процентиль: 58%
0.00372
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306