GCVE - cpe:2.3:h:eq-3:ccu2:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:eq-3:ccu2:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Eq 3 (`11715dba-e07d-5393-bfe8-7d5685450e28`)
Product	Ccu2 (`7e8321eb-f5bd-50a3-ba04-7ff6fdcc91a5`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-14475`	not_vulnerable	2026-06-08 05:12:54.900265	Details available eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs. Published: 2019-08-05T19:27:50.000Z Updated: 2024-08-05T00:19:41.137Z Open on db.gcve.eu Reference links https://psytester.github.io/CVE-2019-14475	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-14473`	not_vulnerable	2026-06-08 05:12:54.897464	Details available eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp. Published: 2019-08-06T18:03:10.000Z Updated: 2024-08-05T00:19:41.317Z Open on db.gcve.eu Reference links https://psytester.github.io/CVE-2019-14473	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-14424`	not_vulnerable	2026-06-08 05:12:54.831960	Details available A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request. Published: 2019-10-17T13:21:44.000Z Updated: 2024-08-05T00:19:41.367Z Open on db.gcve.eu Reference links https://www.eq-3.com/products/homematic.html https://noskill1337.github.io/homematic-with-cux-daemon-local-file-inclusion	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-14423`	not_vulnerable	2026-06-08 05:12:54.831475	Details available A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request. Published: 2019-10-17T13:28:32.000Z Updated: 2024-08-05T00:19:41.131Z Open on db.gcve.eu Reference links https://www.eq-3.com/products/homematic.html https://noskill1337.github.io/homematic-with-cux-daemon-remote-code-execution	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10122`	not_vulnerable	2026-06-08 05:12:22.267764	Details available eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution. Published: 2019-07-10T11:56:48.000Z Updated: 2024-08-04T22:10:09.781Z Open on db.gcve.eu Reference links https://www.eq-3.de/Downloads/Software/HM-CCU2-Firmware_Updates/HM-CCU-2.41.9/HM-CCU2-Changelog.2.41.9.pdf https://www.eq-3.de/Downloads/Software/CCU3-Firmware/CCU3-3.43.16/CCU3-Changelog.3.43.16.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10121`	not_vulnerable	2026-06-08 05:12:22.267282	Details available eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin. Published: 2019-07-10T11:54:13.000Z Updated: 2024-08-04T22:10:09.782Z Open on db.gcve.eu Reference links https://www.eq-3.de/Downloads/Software/HM-CCU2-Firmware_Updates/HM-CCU-2.41.9/HM-CCU2-Changelog.2.41.9.pdf https://www.eq-3.de/Downloads/Software/CCU3-Firmware/CCU3-3.43.16/CCU3-Changelog.3.43.16.pdf https://os-s.de/advisories/OSS-2018-01.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10120`	not_vulnerable	2026-06-08 05:12:22.266843	Details available On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154. Published: 2019-07-10T11:47:18.000Z Updated: 2024-08-04T22:10:09.898Z Open on db.gcve.eu Reference links https://www.eq-3.de/Downloads/Software/HM-CCU2-Firmware_Updates/HM-CCU-2.41.9/HM-CCU2-Changelog.2.41.9.pdf https://www.eq-3.de/Downloads/Software/CCU3-Firmware/CCU3-3.43.16/CCU3-Changelog.3.43.16.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10119`	not_vulnerable	2026-06-08 05:12:22.266210	Details available eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin. Published: 2019-07-10T11:50:44.000Z Updated: 2024-08-04T22:10:09.905Z Open on db.gcve.eu Reference links https://www.eq-3.de/Downloads/Software/HM-CCU2-Firmware_Updates/HM-CCU-2.41.9/HM-CCU2-Changelog.2.41.9.pdf https://www.eq-3.de/Downloads/Software/CCU3-Firmware/CCU3-3.43.16/CCU3-Changelog.3.43.16.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.