CVE-2019-14424: Path Traversal
First published: Thu Oct 17 2019(Updated: )
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eq-3 Cux-daemon | >=1.11a<=2.2.0 | |
| Eq-3 Ccu2 Firmware | >=2.35.16<=2.45.6 | |
| Eq-3 Ccu2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14424?
CVE-2019-14424 is a Local File Inclusion (LFI) vulnerability in the CUx-Daemon addon of the eQ-3 Homematic CCU-Firmware.
How does CVE-2019-14424 affect the eQ-3 Homematic CCU-Firmware?
CVE-2019-14424 allows remote authenticated attackers to read sensitive files in the eQ-3 Homematic CCU-Firmware via a simple HTTP request.
Which software versions are affected by CVE-2019-14424?
The CUx-Daemon addon version 1.11a of the eQ-3 Homematic CCU-Firmware from version 2.35.16 to 2.45.6 are affected by CVE-2019-14424.
How severe is CVE-2019-14424?
CVE-2019-14424 has a severity rating of 6.5 (Medium).
How can I fix CVE-2019-14424?
To fix CVE-2019-14424, it is recommended to update the CUx-Daemon addon and the eQ-3 Homematic CCU-Firmware to the latest versions.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/eq-3
- canonical/eq-3 cux-daemon
- version/eq-3 cux-daemon/1.11a
- version/eq-3 cux-daemon/2.2.0
- canonical/eq-3 ccu2 firmware
- version/eq-3 ccu2 firmware/2.35.16
- version/eq-3 ccu2 firmware/2.45.6
- canonical/eq-3 ccu2