ID

VAR-202005-0171


CVE

CVE-2020-12834


TITLE

eQ-3 Homematic Central Control Unit 2 and CCU3 Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005667

DESCRIPTION

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). eQ-3 Homematic Central Control Unit (CCU)2 and CCU3 contain an improper default permissions vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Both eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are central control units of a smart home system from the German company eQ-3. eQ-3 Homematic CCU2 2.51.6 and earlier versions and CCU3 3.51.6 and earlier versions have security vulnerabilities.

Trust: 2.16

sources: NVD: CVE-2020-12834 // JVNDB: JVNDB-2020-005667 // CNVD: CNVD-2020-33493

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-33493

AFFECTED PRODUCTS

vendor: eq 3, model: homematic ccu2, scope: lte, version: 2.51.6

Trust: 1.0

vendor: eq 3, model: ccu3, scope: lte, version: 3.51.6

Trust: 1.0

vendor: eq 3, model: ccu2, scope: eq, version: 2.51.6

Trust: 0.8

vendor: eq 3, model: ccu3, scope: eq, version: 3.51.6

Trust: 0.8

vendor: eq 3, model: homematic ccu2, scope: lte, version: <=2.51.6

Trust: 0.6

vendor: eq 3, model: eq-3 homematic ccu3, scope: lte, version: <=3.51.6

Trust: 0.6

sources: CNVD: CNVD-2020-33493 // JVNDB: JVNDB-2020-005667 // NVD: CVE-2020-12834

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12834
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-005667
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-33493
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202005-828
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-12834
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005667
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-33493
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12834
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005667
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-33493 // JVNDB: JVNDB-2020-005667 // CNNVD: CNNVD-202005-828 // NVD: CVE-2020-12834

PROBLEMTYPE DATA

problemtype: CWE-276

Trust: 1.8

sources: JVNDB: JVNDB-2020-005667 // NVD: CVE-2020-12834

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-828

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-828

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005667

PATCH

title: Top Page, url: https://www.eq-3.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-005667

EXTERNAL IDS

db: NVD, id: CVE-2020-12834

Trust: 3.0

db: JVNDB, id: JVNDB-2020-005667

Trust: 0.8

db: CNVD, id: CNVD-2020-33493

Trust: 0.6

db: CNNVD, id: CNNVD-202005-828

Trust: 0.6

sources: CNVD: CNVD-2020-33493 // JVNDB: JVNDB-2020-005667 // CNNVD: CNNVD-202005-828 // NVD: CVE-2020-12834

REFERENCES

url: https://psytester.github.io/cve-2020-12834/

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2020-12834

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12834

Trust: 0.8

sources: CNVD: CNVD-2020-33493 // JVNDB: JVNDB-2020-005667 // CNNVD: CNNVD-202005-828 // NVD: CVE-2020-12834

SOURCES

db: CNVD, id: CNVD-2020-33493
db: JVNDB, id: JVNDB-2020-005667
db: CNNVD, id: CNNVD-202005-828
db: NVD, id: CVE-2020-12834

LAST UPDATE DATE

2024-11-23T22:05:38.869000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-33493, date: 2020-06-18T00:00:00
db: JVNDB, id: JVNDB-2020-005667, date: 2020-06-19T00:00:00
db: CNNVD, id: CNNVD-202005-828, date: 2020-05-22T00:00:00
db: NVD, id: CVE-2020-12834, date: 2024-11-21T05:00:22.087

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-33493, date: 2020-06-18T00:00:00
db: JVNDB, id: JVNDB-2020-005667, date: 2020-06-19T00:00:00
db: CNNVD, id: CNNVD-202005-828, date: 2020-05-15T00:00:00
db: NVD, id: CVE-2020-12834, date: 2020-05-15T17:15:12.500