CVE-2019-13030

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:mediola:neo_server:*:*:*:*:*:*:*:*

Information

Published : 2019-08-14 14:15

Updated : 2020-08-24 10:37


NVD link : CVE-2019-13030

Mitre link : CVE-2019-13030


JSON object : View

CWE
CWE-425

Direct Request ('Forced Browsing')

Advertisement

dedicated server usa

Products Affected

mediola

  • neo_server