CVE-2018-7301

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1290%

EPSS Percentile6.75th

PublishedFeb 22, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.

Affected Platforms (CPE)

💻

Eq 3

Homematic Central Control Unit Ccu2 Firmware

= 2.29.22

References & Advisories

🔗 http://atomic111.github.io/article/homematic-ccu2-xml-rpc

Related Vulnerabilities

CVE-2018-403110.0

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the w...

CVE-2018-2126810.0

The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. Thi...

CVE-2018-1874810.0

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), with...

CVE-2018-377410.0

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, ...