CVE-2019-9727

Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:eq-3:ccu3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:eq-3:ccu3:-:*:*:*:*:*:*:*

Information

Published : 2019-05-13 10:29

Updated : 2020-08-24 10:37


NVD link : CVE-2019-9727

Mitre link : CVE-2019-9727


JSON object : View

CWE
CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa

Products Affected

eq-3

  • ccu3
  • ccu3_firmware