CVE-2019-9727
First published: Mon May 13 2019(Updated: )
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eq-3 Ccu3 Firmware | <=3.43.15 | |
| Eq-3 Ccu3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-9727?
CVE-2019-9727 is a vulnerability that allows remote attackers to retrieve the GUI password hashes of GUI users in eQ-3 AG Homematic CCU3 3.43.15 and earlier.
How severe is CVE-2019-9727?
CVE-2019-9727 has a severity rating of 7.5 (high).
How does CVE-2019-9727 work?
CVE-2019-9727 allows unauthenticated attackers with access to the web interface to retrieve the password hashes of GUI users.
Is Eq-3 Ccu3 affected by CVE-2019-9727?
Yes, Eq-3 Ccu3 firmware version up to 3.43.15 is affected by CVE-2019-9727.
How can I fix CVE-2019-9727?
To fix CVE-2019-9727, update the eQ-3 AG Homematic CCU3 firmware to a version that is not vulnerable.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- vendor/eq-3
- canonical/eq-3 ccu3 firmware
- version/eq-3 ccu3 firmware/3.43.15
- canonical/eq-3 ccu3