CVE-2019-16199
CRITICAL
eQ-3 Homematic CCU2 <2.47.18 & CCU3 <3.47.18 - RCE
Title source: llmDescription
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://psytester.github.io/CVE-2019-16199/
Scores
CVSS v3: 9.8
EPSS: 0.1314
EPSS Percentile: 95.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-306
Status: published
Products (2):
eq-3/homematic_ccu2_firmware < 2.47.18
eq-3/homematic_ccu3_firmware < 3.47.18
Published: Sep 17, 2019
Tracked Since: Feb 18, 2026