
cpe:2.3:o:eq-3:homematic_central_control_unit_ccu2_firmware:2.29.22:*:*:*:*:*:*:*

part: o version: 2.29.22 update: *

Vendor: Eq 3 (11715dba-e07d-5393-bfe8-7d5685450e28)
Product: Homematic Central Control Unit Ccu2 Firmware (3cda5320-1a08-58ab-8469-ef729f421804)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2018-7301
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:12:03.590516
db.gcve.eu details: Details available
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.
Published: 2018-02-22T19:00:00.000Z
Updated: 2024-08-05T06:24:11.833Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2018-7298
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:12:03.586534
db.gcve.eu details: Details available
In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise.
Published: 2018-02-22T19:00:00.000Z
Updated: 2024-08-05T06:24:11.812Z
Rationale: Imported from gcve-enriched-dumps CVE data
