CVE-2018-7301

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1290%

EPSS Percentile6.75th

Published2018年2月22日

Last Modified2024年11月21日

Vulnerability Description

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.

Affected Platforms (CPE)

💻

Eq 3

Homematic Central Control Unit Ccu2 Firmware

= 2.29.22

References & Advisories

🔗 http://atomic111.github.io/article/homematic-ccu2-xml-rpc

関連する脆弱性情報

CVE-2018-696810.0

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code exec...

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-1904710.0

mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="htt...