CVE-2019-9585

moderate-risk

Published 2019-08-14

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.

Do I need to act?

0.45% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (2)

Homematic Ccu2 Firmware

Homematic Ccu3 Firmware

Affected Vendors

Eq-3

References (4)

Exploit https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_...

Exploit https://psytester.github.io/CVE-2019-9585/

Exploit https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_...

Exploit https://psytester.github.io/CVE-2019-9585/

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 7/34 · Low