CVE-2020-12834
First published: Fri May 15 2020(Updated: )
eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| eQ-3 HomeMatic CCU2 firmware | <=2.51.6 | |
| eQ-3 Homematic CCU2 | ||
| Eq-3 Ccu3 Firmware | <=3.51.6 | |
| eQ-3 HomeMatic CCU3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12834?
CVE-2020-12834 is a vulnerability in the eQ-3 Homematic Central Control Unit (CCU)2 and CCU3 that allows remote code execution.
How severe is CVE-2020-12834?
CVE-2020-12834 has a severity rating of 9.8 (Critical).
Which software versions are affected by CVE-2020-12834?
eQ-3 Homematic Central Control Unit (CCU)2 firmware up to 2.51.6 and CCU3 firmware up to 3.51.6 are affected by CVE-2020-12834.
How can CVE-2020-12834 be exploited?
CVE-2020-12834 can be exploited by unauthenticated attackers with access to the web interface, using the JSON API Method ReGa.runScript.
Is CVE-2020-12834 a known vulnerability?
Yes, CVE-2020-12834 is a known vulnerability and has been assigned a Common Vulnerabilities and Exposures (CVE) ID.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/eq-3
- canonical/eq-3 homematic ccu2 firmware
- version/eq-3 homematic ccu2 firmware/2.51.6
- canonical/eq-3 homematic ccu2
- canonical/eq-3 ccu3 firmware
- version/eq-3 ccu3 firmware/3.51.6
- canonical/eq-3 homematic ccu3