eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn up to and including 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hm email project hm email 1.6.8c |
||
eq-3 homematic ccu2 firmware 2.24.20 |
||
eq-3 homematic ccu3 firmware 3.47.18 |
||
hm email project hm email 1.6.8b |
||
hm email project hm email 1.6.8a |
||
hm email project hm email 1.6.7c |
||
hm email project hm email 1.6.7b |
||
hm email project hm email 1.6.7a |
||
hm email project hm email 1.6.7 |
||
hm email project hm email 1.6.6 |
||
hm email project hm email 1.6.5 |
||
hm email project hm email 1.6.4 |
||
hm email project hm email 1.6.3 |
||
hm email project hm email 1.6.2 |
||
hm email project hm email 1.6.0 |
||
hm email project hm email 1.6.8 |