Back to search
CVE-2019-14984
Published: Aug 13, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://psytester.github.io/CVE-2019-14984/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now