ID

VAR-201911-0658


CVE

CVE-2019-18939


TITLE

eQ-3 Homematic and HM-Print Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012057

DESCRIPTION

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. eQ-3 Homematic CCU2, CCU3 and HM-Print contain an input validation vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. eQ-3 Homematic CCU3 and eQ-3 Homematic CCU2 are both central control units of a smart home system produced by the German company eQ-3. HM-Print AddOn 1.2a and earlier versions on eQ-3 Homematic CCU2 version 2.47.20 and CCU3 version 3.47.18 contain security vulnerabilities. An attacker could exploit this vulnerability to execute code.

Trust: 1.71

sources: NVD: CVE-2019-18939 // JVNDB: JVNDB-2019-012057 // VULHUB: VHN-151335

AFFECTED PRODUCTS

vendor: hm print // model: hm-print // scope: eq // version: 1.2a

Trust: 1.6

vendor: eq 3 // model: homematic ccu3 // scope: eq // version: 3.47.18

Trust: 1.6

vendor: hm print // model: hm-print // scope: eq // version: 1.2

Trust: 1.6

vendor: eq 3 // model: homematic ccu2 // scope: eq // version: 2.47.20

Trust: 1.6

vendor: eq 3 // model: ccu2 // scope: eq // version: 2.47.20

Trust: 0.8

vendor: eq 3 // model: ccu3 // scope: eq // version: 3.47.18

Trust: 0.8

vendor: hm print // model: hm-print // scope: lte // version: 1.2a

Trust: 0.8

vendor: eq 3 // model: homematic ccu2 // scope: eq // version: -

Trust: 0.6

vendor: eq 3 // model: homematic ccu3 // scope: eq // version: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-012057 // CNNVD: CNNVD-201911-986 // NVD: CVE-2019-18939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18939
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-18939
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201911-986
value: CRITICAL

Trust: 0.6

VULHUB: VHN-151335
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-18939
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151335
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18939
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-18939
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151335 // JVNDB: JVNDB-2019-012057 // CNNVD: CNNVD-201911-986 // NVD: CVE-2019-18939

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-151335 // JVNDB: JVNDB-2019-012057 // NVD: CVE-2019-18939

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-986

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-986

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012057

PATCH

title: Top Page // url: https://www.eq-3.com/

Trust: 0.8

title: hm-print // url: https://github.com/litti/hm-print

Trust: 0.8

sources: JVNDB: JVNDB-2019-012057

EXTERNAL IDS

db: NVD // id: CVE-2019-18939

Trust: 2.5

db: JVNDB // id: JVNDB-2019-012057

Trust: 0.8

db: CNNVD // id: CNNVD-201911-986

Trust: 0.7

db: VULHUB // id: VHN-151335

Trust: 0.1

sources: VULHUB: VHN-151335 // JVNDB: JVNDB-2019-012057 // CNNVD: CNNVD-201911-986 // NVD: CVE-2019-18939

REFERENCES

url: https://psytester.github.io/cve-2019-18939/

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-18939

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18939

Trust: 0.8

sources: VULHUB: VHN-151335 // JVNDB: JVNDB-2019-012057 // CNNVD: CNNVD-201911-986 // NVD: CVE-2019-18939

SOURCES

db: VULHUB // id: VHN-151335
db: JVNDB // id: JVNDB-2019-012057
db: CNNVD // id: CNNVD-201911-986
db: NVD // id: CVE-2019-18939

LAST UPDATE DATE

2024-11-23T21:51:50.622000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-151335 // date: 2019-11-19T00:00:00
db: JVNDB // id: JVNDB-2019-012057 // date: 2019-11-25T00:00:00
db: CNNVD // id: CNNVD-201911-986 // date: 2019-11-20T00:00:00
db: NVD // id: CVE-2019-18939 // date: 2024-11-21T04:33:52.900

SOURCES RELEASE DATE

db: VULHUB // id: VHN-151335 // date: 2019-11-14T00:00:00
db: JVNDB // id: JVNDB-2019-012057 // date: 2019-11-25T00:00:00
db: CNNVD // id: CNNVD-201911-986 // date: 2019-11-14T00:00:00
db: NVD // id: CVE-2019-18939 // date: 2019-11-14T19:15:13.410