CVE-2019-15849
N/A
N/A
Summary
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.eq-3.com/products/homematic.html
- https://noskill1337.github.io/homematic-ccu3-session-fixation
References
- https://www.eq-3.com/products/homematic.html
- https://noskill1337.github.io/homematic-ccu3-session-fixation
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.