CVE-2018-7300
CRITICAL
Eq-3 Homematic Ccu2 Firmware < 2.29.22 - Path Traversal
Title source: ruleDescription
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Exploits (1)
exploitdb
WORKING POC
by Patrick Muench and Gregor Kopf · ruby · webapps · cgi
https://www.exploit-db.com/exploits/44361
Scores
CVSS v3
9.8
EPSS
0.1240
EPSS Percentile
93.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
eq-3/homematic_ccu2_firmware
< 2.29.22
Published
Feb 22, 2018
Tracked Since
Feb 18, 2026