Security Advisory

CVE-2020-12834

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-05-15 16:14:49

Last updated 2024-08-04 12:04:22

Assigner mitre

State PUBLISHED

Description

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset).

← Browse all CVEs View on cve.org ↗