CVE-2019-14985
First published: Tue Aug 13 2019(Updated: )
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| eQ-3 HomeMatic CCU2 firmware | =2.35.16 | |
| eQ-3 HomeMatic CCU2 firmware | =2.41.5 | |
| eQ-3 HomeMatic CCU2 firmware | =2.41.8 | |
| eQ-3 HomeMatic CCU2 firmware | =2.41.9 | |
| eQ-3 HomeMatic CCU2 firmware | =2.45.6 | |
| eQ-3 HomeMatic CCU2 firmware | =2.45.7 | |
| eQ-3 HomeMatic CCU2 firmware | =2.47.10 | |
| eQ-3 HomeMatic CCU2 firmware | =2.47.12 | |
| eQ-3 HomeMatic CCU2 firmware | =2.47.15 | |
| eQ-3 Homematic CCU2 | ||
| eQ-3 HomeMatic CCU3 firmware | =3.41.11 | |
| eQ-3 HomeMatic CCU3 firmware | =3.43.16 | |
| eQ-3 HomeMatic CCU3 firmware | =3.45.5 | |
| eQ-3 HomeMatic CCU3 firmware | =3.45.7 | |
| eQ-3 HomeMatic CCU3 firmware | =3.47.10 | |
| eQ-3 HomeMatic CCU3 firmware | =3.47.15 | |
| eQ-3 HomeMatic CCU3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14985?
CVE-2019-14985 is a vulnerability that allows remote code execution on eQ-3 Homematic CCU2 and CCU3 devices with the CUxD AddOn installed.
How does CVE-2019-14985 work?
CVE-2019-14985 allows unauthenticated attackers with access to the web interface to execute arbitrary code through the CMD_EXEC virtual device type 28.
What is the severity of CVE-2019-14985?
CVE-2019-14985 has a severity rating of 9.8 (Critical).
Which software versions are affected by CVE-2019-14985?
eQ-3 Homematic CCU2 firmware versions 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, and 2.47.15, as well as eQ-3 Homematic CCU3 firmware versions 3.41.11, 3.43.16, 3.45.5, 3.45.7 3.47.10, and 3.47.15 are affected by CVE-2019-14985.
How can I fix CVE-2019-14985?
To fix CVE-2019-14985, it is recommended to update the eQ-3 Homematic CCU2 or CCU3 firmware to the latest version available.
- collector/nvd-index
- agent/references
- agent/severity
- agent/type
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/eq-3
- canonical/eq-3 homematic ccu2 firmware
- version/eq-3 homematic ccu2 firmware/2.35.16
- version/eq-3 homematic ccu2 firmware/2.41.5
- version/eq-3 homematic ccu2 firmware/2.41.8
- version/eq-3 homematic ccu2 firmware/2.41.9
- version/eq-3 homematic ccu2 firmware/2.45.6
- version/eq-3 homematic ccu2 firmware/2.45.7
- version/eq-3 homematic ccu2 firmware/2.47.10
- version/eq-3 homematic ccu2 firmware/2.47.12
- version/eq-3 homematic ccu2 firmware/2.47.15
- canonical/eq-3 homematic ccu2
- canonical/eq-3 homematic ccu3 firmware
- version/eq-3 homematic ccu3 firmware/3.41.11
- version/eq-3 homematic ccu3 firmware/3.43.16
- version/eq-3 homematic ccu3 firmware/3.45.5
- version/eq-3 homematic ccu3 firmware/3.45.7
- version/eq-3 homematic ccu3 firmware/3.47.10
- version/eq-3 homematic ccu3 firmware/3.47.15
- canonical/eq-3 homematic ccu3