eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eq-3 homematic_ccu3_firmware 3.41.11 |
||
eq-3 homematic_ccu3_firmware 3.43.16 |
||
eq-3 homematic_ccu3_firmware 3.45.5 |
||
eq-3 homematic_ccu3_firmware 3.45.7 |
||
eq-3 homematic_ccu3_firmware 3.47.10 |
||
eq-3 homematic_ccu3_firmware 3.47.15 |
||
eq-3 homematic_ccu2_firmware - |
||
eq-3 homematic_ccu2_firmware 2.35.16 |
||
eq-3 homematic_ccu2_firmware 2.41.5 |
||
eq-3 homematic_ccu2_firmware 2.41.8 |
||
eq-3 homematic_ccu2_firmware 2.41.9 |
||
eq-3 homematic_ccu2_firmware 2.45.6 |
||
eq-3 homematic_ccu2_firmware 2.45.7 |
||
eq-3 homematic_ccu2_firmware 2.47.10 |
||
eq-3 homematic_ccu2_firmware 2.47.12 |
||
eq-3 homematic_ccu2_firmware 2.47.15 |