Vulnerability Description
eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eq-3 | Ccu3 Firmware | < 3.43.16 |
| Eq-3 | Ccu3 | - |
| Eq-3 | Ccu2 Firmware | < 2.41.9 |
| Eq-3 | Ccu2 | - |
Related Weaknesses (CWE)
References
- https://www.eq-3.de/Downloads/Software/CCU3-Firmware/CCU3-3.43.16/CCU3-ChangelogRelease NotesVendor Advisory
- https://www.eq-3.de/Downloads/Software/HM-CCU2-Firmware_Updates/HM-CCU-2.41.9/HMRelease NotesVendor Advisory
- https://www.eq-3.de/Downloads/Software/CCU3-Firmware/CCU3-3.43.16/CCU3-ChangelogRelease NotesVendor Advisory
- https://www.eq-3.de/Downloads/Software/HM-CCU2-Firmware_Updates/HM-CCU-2.41.9/HMRelease NotesVendor Advisory
FAQ
What is CVE-2019-10122?
CVE-2019-10122 is a vulnerability with a CVSS score of 9.8 (CRITICAL). eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.
How severe is CVE-2019-10122?
CVE-2019-10122 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10122?
Check the references section above for vendor advisories and patch information. Affected products include: Eq-3 Ccu3 Firmware, Eq-3 Ccu3, Eq-3 Ccu2 Firmware, Eq-3 Ccu2.