Search criteria
3 vulnerabilities found for hm_email by hm_email_project
FKIE_CVE-2019-18938
Vulnerability from fkie_nvd - Published: 2019-11-14 19:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://psytester.github.io/CVE-2019-18938/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://psytester.github.io/CVE-2019-18938/ | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.8c:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4A5F42-1C14-41B9-A8EA-09F65B4021A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.8c:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4A5F42-1C14-41B9-A8EA-09F65B4021A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "B031EAFD-2BED-4A83-92F4-A4914EBD3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "2509512A-0851-4DED-AF9A-797952DEC2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.7c:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6EB4B6-C529-43BA-9440-1DA07F443C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.7b:*:*:*:*:*:*:*",
"matchCriteriaId": "E2534D3D-47AE-4446-A57E-126EC1A59631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "E1C08DB9-674E-4E2B-B744-D48A9746E1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A4373A-BE30-4303-8ADA-CADB826EE4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C26EFB36-2187-491E-B47E-A940A026451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6850D0-4416-49E8-AB9E-BBA746940E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCC8AB6-0EA3-411C-9918-3351B50CF316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "302A36BE-0D97-471E-A0B1-60A6CD70A02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C98214-5075-4663-B4DE-B227F0D2F349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "506C69A0-1162-43FA-AAC1-A6EFA619DFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1A27F99A-063B-4285-8B69-89809A5324A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:2.24.20:*:*:*:*:*:*:*",
"matchCriteriaId": "21BF0340-7566-4DE6-8AEE-FBB8C63465F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "B031EAFD-2BED-4A83-92F4-A4914EBD3013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "2509512A-0851-4DED-AF9A-797952DEC2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1A27F99A-063B-4285-8B69-89809A5324A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.7c:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6EB4B6-C529-43BA-9440-1DA07F443C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.7b:*:*:*:*:*:*:*",
"matchCriteriaId": "E2534D3D-47AE-4446-A57E-126EC1A59631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "E1C08DB9-674E-4E2B-B744-D48A9746E1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A4373A-BE30-4303-8ADA-CADB826EE4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C26EFB36-2187-491E-B47E-A940A026451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6850D0-4416-49E8-AB9E-BBA746940E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCC8AB6-0EA3-411C-9918-3351B50CF316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "302A36BE-0D97-471E-A0B1-60A6CD70A02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C98214-5075-4663-B4DE-B227F0D2F349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hm_email_project:hm_email:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "506C69A0-1162-43FA-AAC1-A6EFA619DFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:eq-3:homematic_ccu3_firmware:3.47.18:*:*:*:*:*:*:*",
"matchCriteriaId": "285F4E29-E299-4F83-9F7E-BB19933AD654",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution."
},
{
"lang": "es",
"value": "eQ-3 Homematic CCU2 versi\u00f3n 2.47.20 y CCU3 versi\u00f3n 3.47.18 con el AddOn E-Mail instalado versiones hasta 1.6.8.c, permite la Ejecuci\u00f3n de C\u00f3digo Remota por parte de atacantes no autenticados con acceso a la interfaz web por medio de l script save.cgi para cargar una carga \u00fatil y el script testtcl.cgi para su ejecuci\u00f3n."
}
],
"id": "CVE-2019-18938",
"lastModified": "2024-11-21T04:33:52.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T19:15:13.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://psytester.github.io/CVE-2019-18938/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://psytester.github.io/CVE-2019-18938/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-18938 (GCVE-0-2019-18938)
Vulnerability from cvelistv5 – Published: 2019-11-14 18:52 – Updated: 2024-08-05 02:02
VLAI?
Summary
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://psytester.github.io/CVE-2019-18938/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T18:52:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://psytester.github.io/CVE-2019-18938/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psytester.github.io/CVE-2019-18938/",
"refsource": "MISC",
"url": "https://psytester.github.io/CVE-2019-18938/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18938",
"datePublished": "2019-11-14T18:52:33",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18938 (GCVE-0-2019-18938)
Vulnerability from nvd – Published: 2019-11-14 18:52 – Updated: 2024-08-05 02:02
VLAI?
Summary
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://psytester.github.io/CVE-2019-18938/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T18:52:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://psytester.github.io/CVE-2019-18938/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psytester.github.io/CVE-2019-18938/",
"refsource": "MISC",
"url": "https://psytester.github.io/CVE-2019-18938/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18938",
"datePublished": "2019-11-14T18:52:33",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}