CVE-2018-7297

CRITICAL · EXPLOITED IN THE WILD

Homematic CCU2 Firmware < 2.29.22 - Unauthenticated Remote Code Execution via TCL Script Interpreter


Exploitation Summary

CVE-2018-7297 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including Patrick Muench and Gregor Kopf.

AI-analyzed exploit summary: This Ruby script exploits CVE-2018-7297, a remote command execution vulnerability in Homematic CCU2. It sends a crafted POST request to the Test.exe endpoint, injecting a TCL command via the system.Exec function to achieve RCE.

Description

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

Exploits (1)

exploit-db · WORKING POC
by Patrick Muench and Gregor Kopf · ruby · webapps · cgi
https://www.exploit-db.com/exploits/44368

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: Homematic CCU2 version 2.29.23
No auth needed
Prerequisites: Network access to the target Homematic CCU2 device · Target device must be running vulnerable firmware version
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References (2)
Exploit, Third Party Advisory (x_refsource_exploit-db)
https://www.exploit-db.com/exploits/44368/

Scores

CVSS v3 9.8
EPSS 0.5930
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2019-06-12
InTheWild.io 2019-12-13
Status published
Products (1)
eq-3/homematic_central_control_unit_ccu2_firmware < 2.29.22
Published Feb 22, 2018
Tracked Since Feb 18, 2026