CVE-2019-9584

CRITICAL

eQ-3 Homematic AddOn 'CloudMatic' - Privilege Escalation

Title source: llm

Description

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-03-27-CVE-2019-9584.md

View Exploit ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

https://psytester.github.io/CVE-2019-9584/

Scores

CVSS v3 9.8

EPSS 0.0271

EPSS Percentile 84.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-425

Status published

Products (2)

eq-3/homematic_ccu2_firmware < 2.47.15

eq-3/homematic_ccu3_firmware < 3.47.15

Published Aug 14, 2019

Tracked Since Feb 18, 2026