1. Home
  2. CVE Database
  3. CVE-2018-7296
MEDIUM · 5.3

CVE-2018-7296

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's file...

Vulnerability Description

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Eq-3Homematic Central Control Unit Ccu2 Firmware<= 2.29.22
Eq-3Homematic Central Control Unit Ccu2-

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2018-7296?

CVE-2018-7296 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's file...

How severe is CVE-2018-7296?

CVE-2018-7296 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7296?

Check the references section above for vendor advisories and patch information. Affected products include: Eq-3 Homematic Central Control Unit Ccu2 Firmware, Eq-3 Homematic Central Control Unit Ccu2.