CVE-2019-9584

CRITICAL

eQ-3 Homematic AddOn 'CloudMatic' - Privilege Escalation

Title source: llm

Description

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.

References (2)

[Exploit, Third Party Advisory] https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9584.md

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://psytester.github.io/CVE-2019-9584/

Scores

CVSS v3 9.8

EPSS 0.0045

EPSS Percentile 63.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-425

Status published

Products (2)

eq-3/homematic_ccu2_firmware < 2.47.15

eq-3/homematic_ccu3_firmware < 3.47.15

Published Aug 14, 2019

Tracked Since Feb 18, 2026