cnvd - cnvd-2020-33493

CNVD-2020-33493

Vulnerability from cnvd - Published: 2020-06-18

Title

eQ-3 Homematic CCU2和CCU3存在未明漏洞

Description

eQ-3 Homematic CCU3和eQ-3 HomeMatic CCU2都是德国eQ-3公司的一款智能家居系统的中央控制单元。 eQ-3 Homematic CCU2 2.51.6及之前版本和CCU3 3.51.6及之前版本中存在安全漏洞，该漏洞源于在第一次设置（或恢复出厂设备）时，开启了默认的自动登录功能，攻击者可借助JSON API方法的ReGa.runScript利用该漏洞执行代码。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.eq-3.com

Reference

https://psytester.github.io/CVE-2020-12834/

Impacted products

Name
['eq-3 HomeMatic CCU2 <=2.51.6', 'eq-3 eQ-3 Homematic CCU3 <=3.51.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12834"
    }
  },
  "description": "eQ-3 Homematic CCU3\u548ceQ-3 HomeMatic CCU2\u90fd\u662f\u5fb7\u56fdeQ-3\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u5bb6\u5c45\u7cfb\u7edf\u7684\u4e2d\u592e\u63a7\u5236\u5355\u5143\u3002\n\neQ-3 Homematic CCU2 2.51.6\u53ca\u4e4b\u524d\u7248\u672c\u548cCCU3 3.51.6\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u7b2c\u4e00\u6b21\u8bbe\u7f6e\uff08\u6216\u6062\u590d\u51fa\u5382\u8bbe\u5907\uff09\u65f6\uff0c\u5f00\u542f\u4e86\u9ed8\u8ba4\u7684\u81ea\u52a8\u767b\u5f55\u529f\u80fd\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9JSON API\u65b9\u6cd5\u7684ReGa.runScript\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.eq-3.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-33493",
  "openTime": "2020-06-18",
  "products": {
    "product": [
      "eq-3 HomeMatic CCU2 \u003c=2.51.6",
      "eq-3 eQ-3 Homematic CCU3 \u003c=3.51.6"
    ]
  },
  "referenceLink": "https://psytester.github.io/CVE-2020-12834/",
  "serverity": "\u9ad8",
  "submitTime": "2020-05-18",
  "title": "eQ-3 Homematic CCU2\u548cCCU3\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2020-12834 (GCVE-0-2020-12834)

Vulnerability from cvelistv5 – Published: 2020-05-15 16:14 – Updated: 2024-08-04 12:04

Summary

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://psytester.github.io/CVE-2020-12834/

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://psytester.github.io/CVE-2020-12834/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-15T16:14:49",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://psytester.github.io/CVE-2020-12834/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12834",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psytester.github.io/CVE-2020-12834/",
              "refsource": "MISC",
              "url": "https://psytester.github.io/CVE-2020-12834/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12834",
    "datePublished": "2020-05-15T16:14:49",
    "dateReserved": "2020-05-13T00:00:00",
    "dateUpdated": "2024-08-04T12:04:22.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-33493

CVE-2020-12834 (GCVE-0-2020-12834)

Tags

Sightings

Nomenclature