CVE-2019-15849
HIGH
eQ-3 HomeMatic CCU3 firmware 3.41.11 - Session Fixation
Title source: llmDescription
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.eq-3.com/products/homematic.html
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://noskill1337.github.io/homematic-ccu3-session-fixation
Scores
CVSS v3
7.3
EPSS
0.0082
EPSS Percentile
52.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-384
Status
published
Products (1)
eq-3/homematic_ccu3_firmware
3.14.11
Published
Oct 17, 2019
Tracked Since
Feb 18, 2026