-
CVE-2019-15850: Remote Code Execution in HomeMatic central CCU3
The HomeMatic CCU3 firmware version 3.41.11 has a Remote Code Execution (RCE) vulnerability in the ReGa.runScript method of the WebUI component. An authenticated attacker can easily execute code and compromise the system.
-
CVE-2019-15849: Session Fixation in HomeMatic CCU3
HomeMatic CCU3 firmware 3.41.11 has a session fixation vulnerability. An attacker can create a session ID and send it to the victim. After the victim logs in to the WebUI, the attacker can use this session. The attacker could create an SSH login via the WebUI and easily compromise the...
-
CVE-2019-14423: Remote Code Execution in HomeMatic CUx-Daemon
A Remote Code Execution (RCE) issue in the addon CUx-Daemon Version 1.5 of the HomeMatic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root via a simple HTTP request.
-
CVE-2019-14424: Local File Inclusion in HomeMatic CUx-Daemon
A Local File Inclusion (LFI) issue in the addon CUx-Daemon Version 1.11a of the HomeMatic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP request.
-
CVE-2019-3702: Remote Code Execution in Lifesize Icon
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.