CVE-2019-16199
First published: Tue Sep 17 2019(Updated: )
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| eQ-3 HomeMatic CCU2 firmware | <2.47.18 | |
| eQ-3 Homematic CCU2 | ||
| eQ-3 HomeMatic CCU3 firmware | <3.47.18 | |
| eQ-3 HomeMatic CCU3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-16199?
CVE-2019-16199 is a vulnerability in eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 that allows remote code execution by unauthenticated attackers.
How can the vulnerability CVE-2019-16199 be exploited?
The vulnerability CVE-2019-16199 can be exploited by sending an HTTP POST request to certain URLs related to the ReGa core process in the web interface of eQ-3 Homematic CCU2 and CCU3.
What is the severity of CVE-2019-16199?
CVE-2019-16199 has a severity level of 9.8 (critical).
Which versions of eQ-3 Homematic CCU2 are affected by CVE-2019-16199?
Versions of eQ-3 Homematic CCU2 firmware up to exclusive version 2.47.18 are affected by CVE-2019-16199.
Which versions of eQ-3 Homematic CCU3 are affected by CVE-2019-16199?
Versions of eQ-3 Homematic CCU3 firmware up to exclusive version 3.47.18 are affected by CVE-2019-16199.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/eq-3
- canonical/eq-3 homematic ccu2 firmware
- canonical/eq-3 homematic ccu2
- canonical/eq-3 homematic ccu3 firmware
- canonical/eq-3 homematic ccu3