eQ-3 HomeMatic CCU2 devices prior to 2.41.8 and CCU3 devices prior to 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin.
Vulnerable Product |
---|
eq-3 ccu3_firmware |
eq-3 ccu2_firmware |