1. Home
  2. CVE Database
  3. CVE-2019-16199
CRITICAL · 9.8

CVE-2019-16199

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to...

Vulnerability Description

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Eq-3Homematic Ccu2 Firmware< 2.47.18
Eq-3Homematic Ccu2-
Eq-3Homematic Ccu3 Firmware< 3.47.18
Eq-3Homematic Ccu3-

Related Weaknesses (CWE)

CWE-306

References

FAQ

What is CVE-2019-16199?

CVE-2019-16199 is a vulnerability with a CVSS score of 9.8 (CRITICAL). eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to...

How severe is CVE-2019-16199?

CVE-2019-16199 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-16199?

Check the references section above for vendor advisories and patch information. Affected products include: Eq-3 Homematic Ccu2 Firmware, Eq-3 Homematic Ccu2, Eq-3 Homematic Ccu3 Firmware, Eq-3 Homematic Ccu3.