Overview
- Description
- Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eq-3:homematic_central_control_unit_ccu2_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65FE646C-A557-4FB1-8C74-655BF6820784",
"versionEndIncluding": "2.29.22"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eq-3:homematic_central_control_unit_ccu2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "250E0A8B-A3F3-4A65-9C9D-8327EB1D99E5"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]