CVE-2018-7300
CRITICAL 9.8
Description
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 2/22/2018
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
eq-3:homematic_ccu2
eq-3:homematic_ccu2_firmware
Weaknesses (CWE)
CWE-22
References
http://atomic111.github.io/article/homematic-ccu2-filewrite (cve@mitre.org)
https://www.exploit-db.com/exploits/44361/ (cve@mitre.org)
http://atomic111.github.io/article/homematic-ccu2-filewrite (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44361/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.