CVE-2019-10122

CRITICAL

eQ-3 CCU2 < 2.41.9 and CCU3 < 3.43.16 - Remote Code Execution via ReGa HTTP-Server Buffer Overflow

Title source: manual
STIX 2.1

Description

eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0408
EPSS Percentile 89.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
eq-3/ccu2_firmware < 2.41.9
eq-3/ccu3_firmware < 3.43.16
Published Jul 10, 2019
Tracked Since Feb 18, 2026