CVE-2019-9726: Path Traversal
First published: Mon May 13 2019(Updated: )
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eq-3 Ccu3 Firmware | <=3.43.15 | |
| Eq-3 Ccu3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-9726?
CVE-2019-9726 is a directory traversal vulnerability in eQ-3 AG Homematic CCU3 3.43.15 and earlier, which allows remote attackers to read arbitrary files on the device's filesystem.
How severe is CVE-2019-9726?
CVE-2019-9726 has a severity score of 7.5 (High).
How can an attacker exploit CVE-2019-9726?
An attacker with access to the web interface can exploit CVE-2019-9726 to read arbitrary files on the device's filesystem.
Which software versions are affected by CVE-2019-9726?
eQ-3 AG Homematic CCU3 versions up to and including 3.43.15 are affected by CVE-2019-9726.
Is the Eq-3 Ccu3 software vulnerable?
No, the Eq-3 Ccu3 software is not vulnerable to CVE-2019-9726.
How can CVE-2019-9726 be fixed?
Upgrade to a version of eQ-3 AG Homematic CCU3 that is later than 3.43.15 to fix CVE-2019-9726.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/eq-3
- canonical/eq-3 ccu3 firmware
- version/eq-3 ccu3 firmware/3.43.15
- canonical/eq-3 ccu3