CVE-2019-13030

HIGH

eQ-3 Homematic CCU3 - Info Disclosure

Title source: llm

Description

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.

References (2)

[Exploit, Third Party Advisory] https://psytester.github.io/CVE-2019-13030/

[Exploit, Third Party Advisory] https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-06-29-CVE-2019-13030.md

View Exploit ZIP pw:eip

Scores

CVSS v3 8.2

EPSS 0.0035

EPSS Percentile 57.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Details

CWE

CWE-425

Status published

Products (1)

mediola/neo_server < 2.4.5

Published Aug 14, 2019

Tracked Since Feb 18, 2026