CVE-2018-7297
First published: Thu Feb 22 2018(Updated: )
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eq-3 Homematic Central Control Unit Ccu2 Firmware | <=2.29.22 | |
| Eq-3 Homematic Central Control Unit Ccu2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-7297?
CVE-2018-7297 is a vulnerability in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier that allows remote code execution.
How can this vulnerability be exploited?
This vulnerability can be exploited by unauthenticated attackers with access to the web interface to obtain read/write access and execute system commands on the device.
What is the severity of CVE-2018-7297?
The severity of CVE-2018-7297 is critical with a severity score of 9.8.
Which software versions are affected by CVE-2018-7297?
eQ-3 AG Homematic CCU2 versions 2.29.2 and earlier are affected.
How do I fix CVE-2018-7297?
To fix CVE-2018-7297, it is recommended to update to a version of eQ-3 AG Homematic CCU2 that is later than 2.29.2.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/eq-3
- canonical/eq-3 homematic central control unit ccu2 firmware
- version/eq-3 homematic central control unit ccu2 firmware/2.29.22
- canonical/eq-3 homematic central control unit ccu2