CVE-2019-9726

HIGH NUCLEI

eQ-3 AG Homematic CCU3 <3.43.15 - Path Traversal

Title source: llm

Description

Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

Nuclei Templates (1)

Homematic CCU3 - Local File Inclusion

HIGHby 0x_Akoko

References (1)

[Exploit, Third Party Advisory] https://atomic111.github.io/article/homematic-ccu3-fileread

Scores

CVSS v3 7.5

EPSS 0.5972

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

eq-3/ccu3_firmware < 3.43.15

Published May 13, 2019

Tracked Since Feb 18, 2026