eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5, 3.45.7, 3.47.10, 3.47.15.
References
Link | Resource |
---|---|
https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9583.md | Exploit Third Party Advisory |
https://psytester.github.io/CVE-2019-9583/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-14T19:47:54
Updated: 2019-08-14T19:47:54
Reserved: 2019-03-06T00:00:00
Link: CVE-2019-9583
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-14T20:15:11.790
Modified: 2020-04-10T20:05:20.117
Link: CVE-2019-9583
JSON object: View
Redhat Information
No data.
CWE