Vulnerability Description
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eq-3 | Homematic Ccu2 Firmware | < 2.47.10 |
| Eq-3 | Homematic Ccu2 | - |
| Eq-3 | Homematic Ccu3 Firmware | < 3.47.10 |
| Eq-3 | Homematic Ccu3 | - |
Related Weaknesses (CWE)
References
- https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_ExploitThird Party Advisory
- https://psytester.github.io/CVE-2019-9585/ExploitThird Party Advisory
- https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_ExploitThird Party Advisory
- https://psytester.github.io/CVE-2019-9585/ExploitThird Party Advisory
FAQ
What is CVE-2019-9585?
CVE-2019-9585 is a vulnerability with a CVSS score of 9.8 (CRITICAL). eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of ...
How severe is CVE-2019-9585?
CVE-2019-9585 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-9585?
Check the references section above for vendor advisories and patch information. Affected products include: Eq-3 Homematic Ccu2 Firmware, Eq-3 Homematic Ccu2, Eq-3 Homematic Ccu3 Firmware, Eq-3 Homematic Ccu3.