Vulnerability Description
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eq-3 | Homematic Ccu2 Firmware | <= 2.29.22 |
| Eq-3 | Homematic Ccu2 | - |
Related Weaknesses (CWE)
References
- http://atomic111.github.io/article/homematic-ccu2-filewriteThird Party Advisory
- https://www.exploit-db.com/exploits/44361/Third Party AdvisoryVDB Entry
- http://atomic111.github.io/article/homematic-ccu2-filewriteThird Party Advisory
- https://www.exploit-db.com/exploits/44361/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-7300?
CVE-2018-7300 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the d...
How severe is CVE-2018-7300?
CVE-2018-7300 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7300?
Check the references section above for vendor advisories and patch information. Affected products include: Eq-3 Homematic Ccu2 Firmware, Eq-3 Homematic Ccu2.