eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs.
References
Link | Resource |
---|---|
https://psytester.github.io/CVE-2019-14475 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-05T19:27:50
Updated: 2019-08-05T19:27:50
Reserved: 2019-08-01T00:00:00
Link: CVE-2019-14475
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-05T20:15:11.030
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-14475
JSON object: View
Redhat Information
No data.
CWE