eQ-3 Homematic Central Control Unit CCU2 2.29.22
cpe:2.3:o:eq-3:homematic_central_control_unit_ccu2_firmware:2.29.22:*:*:*:*:*:*:*
part: o version: 2.29.22 update: *
| Vendor | Eq 3 (11715dba-e07d-5393-bfe8-7d5685450e28) |
|---|---|
| Product | Homematic Central Control Unit Ccu2 Firmware (3cda5320-1a08-58ab-8469-ef729f421804) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2018-7301 | vulnerable | 2026-06-08 05:12:03.590516 | eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices. Published: 2018-02-22T19:00:00.000Z. Updated: 2024-08-05T06:24:11.833Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-7298 | vulnerable | 2026-06-08 05:12:03.586534 | In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise. Published: 2018-02-22T19:00:00.000Z. Updated: 2024-08-05T06:24:11.812Z. | Imported from gcve-enriched-dumps CVE data |