eQ-3 HomeMatic CCU2 devices before... CVE-2019-10121

7.5 AV AC AU C I A
发布: 2019-07-10
修订: 2020-08-24

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin.

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有4条受影响产品信息