CVE-2019-14423: OS Command Injection
First published: Thu Oct 17 2019(Updated: )
A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eq-3 Cux-daemon | >=1.11a<=2.2.0 | |
| Eq-3 Ccu2 Firmware | >=2.35.16<=2.45.6 | |
| Eq-3 Ccu2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14423?
CVE-2019-14423 is a Remote Code Execution (RCE) vulnerability in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware.
How does CVE-2019-14423 affect the eQ-3 Homematic CCU-Firmware?
CVE-2019-14423 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.
What is the severity of CVE-2019-14423?
CVE-2019-14423 has a severity rating of critical (8.8).
What are the affected software versions by CVE-2019-14423?
The affected software versions are CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6.
How can I fix CVE-2019-14423?
To fix CVE-2019-14423, update the eQ-3 Homematic CCU-Firmware to a version higher than 2.45.6 or CUx-Daemon to a version higher than 2.2.0.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/eq-3
- canonical/eq-3 cux-daemon
- version/eq-3 cux-daemon/1.11a
- version/eq-3 cux-daemon/2.2.0
- canonical/eq-3 ccu2 firmware
- version/eq-3 ccu2 firmware/2.35.16
- version/eq-3 ccu2 firmware/2.45.6
- canonical/eq-3 ccu2