Vulnerability Description
A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eq-3 | Cux-Daemon | >= 1.11a, <= 2.2.0 |
| Eq-3 | Ccu2 Firmware | >= 2.35.16, <= 2.45.6 |
| Eq-3 | Ccu2 | - |
Related Weaknesses (CWE)
References
- https://noskill1337.github.io/homematic-with-cux-daemon-remote-code-executionExploitMitigationThird Party Advisory
- https://www.eq-3.com/products/homematic.htmlVendor Advisory
- https://noskill1337.github.io/homematic-with-cux-daemon-remote-code-executionExploitMitigationThird Party Advisory
- https://www.eq-3.com/products/homematic.htmlVendor Advisory
FAQ
What is CVE-2019-14423?
CVE-2019-14423 is a vulnerability with a CVSS score of 8.8 (HIGH). A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remot...
How severe is CVE-2019-14423?
CVE-2019-14423 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14423?
Check the references section above for vendor advisories and patch information. Affected products include: Eq-3 Cux-Daemon, Eq-3 Ccu2 Firmware, Eq-3 Ccu2.