eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.
References
Link | Resource |
---|---|
https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-06-29-CVE-2019-13030.md | Exploit Third Party Advisory |
https://psytester.github.io/CVE-2019-13030/ | Exploit Third Party Advisory |
Configurations
Information
Published : 2019-08-14 14:15
Updated : 2020-08-24 10:37
NVD link : CVE-2019-13030
Mitre link : CVE-2019-13030
JSON object : View
CWE
CWE-425
Direct Request ('Forced Browsing')
Products Affected
mediola
- neo_server