Vulnerability Description
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eq-3 | Homematic Central Control Unit Ccu2 Firmware | <= 2.29.22 |
| Eq-3 | Homematic Central Control Unit Ccu2 | - |
References
- http://atomic111.github.io/article/homematic-ccu2-remote-code-executionThird Party Advisory
- https://www.exploit-db.com/exploits/44368/
- http://atomic111.github.io/article/homematic-ccu2-remote-code-executionThird Party Advisory
- https://www.exploit-db.com/exploits/44368/
FAQ
What is CVE-2018-7297?
CVE-2018-7297 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vul...
How severe is CVE-2018-7297?
CVE-2018-7297 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7297?
Check the references section above for vendor advisories and patch information. Affected products include: Eq-3 Homematic Central Control Unit Ccu2 Firmware, Eq-3 Homematic Central Control Unit Ccu2.