ID

VAR-201905-0205


CVE

CVE-2019-9726


TITLE

eQ-3 AG Homematic CCU3 Path Traversal Vulnerability

Trust: 2.0

sources: CNVD: CNVD-2019-14692 // JVNDB: JVNDB-2019-004488 // CNNVD: CNNVD-201905-338

DESCRIPTION

Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. eQ-3 AG Homematic CCU3 contains a path traversal vulnerability. Information may be obtained. eQ-3 AG Homematic CCU3 is a set of home automation control equipment from eQ-3 AG of Germany. The vulnerability stems from a network system or product failing to properly filter specific elements in a resource or file path.

Trust: 2.34

sources: NVD: CVE-2019-9726 // JVNDB: JVNDB-2019-004488 // CNVD: CNVD-2019-14692 // VULHUB: VHN-161161 // VULMON: CVE-2019-9726

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-14692

AFFECTED PRODUCTS

vendor: eq 3, model: ccu3, scope: lte, version: 3.43.15

Trust: 1.8

vendor: eq 3, model: ag homematic ccu3, scope: lte, version: <=3.43.15

Trust: 0.6

sources: CNVD: CNVD-2019-14692 // JVNDB: JVNDB-2019-004488 // NVD: CVE-2019-9726

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9726
value: HIGH

Trust: 1.0

NVD: CVE-2019-9726
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-14692
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-338
value: HIGH

Trust: 0.6

VULHUB: VHN-161161
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-9726
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9726
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-14692
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-161161
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9726
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-14692 // VULHUB: VHN-161161 // VULMON: CVE-2019-9726 // JVNDB: JVNDB-2019-004488 // CNNVD: CNNVD-201905-338 // NVD: CVE-2019-9726

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-161161 // JVNDB: JVNDB-2019-004488 // NVD: CVE-2019-9726

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-338

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201905-338

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004488

PATCH

title: Top Page, url: https://www.eq-3.com/

Trust: 0.8

title: Kenzer Templates [5170] [DEPRECATED], url: https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2019-9726 // JVNDB: JVNDB-2019-004488

EXTERNAL IDS

db: NVD, id: CVE-2019-9726

Trust: 3.2

db: JVNDB, id: JVNDB-2019-004488

Trust: 0.8

db: CNNVD, id: CNNVD-201905-338

Trust: 0.7

db: CNVD, id: CNVD-2019-14692

Trust: 0.6

db: VULHUB, id: VHN-161161

Trust: 0.1

db: VULMON, id: CVE-2019-9726

Trust: 0.1

sources: CNVD: CNVD-2019-14692 // VULHUB: VHN-161161 // VULMON: CVE-2019-9726 // JVNDB: JVNDB-2019-004488 // CNNVD: CNNVD-201905-338 // NVD: CVE-2019-9726

REFERENCES

url:https://atomic111.github.io/article/homematic-ccu3-fileread

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9726

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9726

Trust: 0.8

url:https://web.nvd.nist.gov//vuln/detail/cve-2019-9726

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2019-14692 // VULHUB: VHN-161161 // VULMON: CVE-2019-9726 // JVNDB: JVNDB-2019-004488 // CNNVD: CNNVD-201905-338 // NVD: CVE-2019-9726

SOURCES

db: CNVD, id: CNVD-2019-14692
db: VULHUB, id: VHN-161161
db: VULMON, id: CVE-2019-9726
db: JVNDB, id: JVNDB-2019-004488
db: CNNVD, id: CNNVD-201905-338
db: NVD, id: CVE-2019-9726

LAST UPDATE DATE

2024-11-23T22:33:55.978000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-14692, date: 2019-05-17T00:00:00
db: VULHUB, id: VHN-161161, date: 2019-05-14T00:00:00
db: VULMON, id: CVE-2019-9726, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-004488, date: 2019-06-03T00:00:00
db: CNNVD, id: CNNVD-201905-338, date: 2019-05-15T00:00:00
db: NVD, id: CVE-2019-9726, date: 2024-11-21T04:52:11.120

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-14692, date: 2019-05-17T00:00:00
db: VULHUB, id: VHN-161161, date: 2019-05-13T00:00:00
db: VULMON, id: CVE-2019-9726, date: 2019-05-13T00:00:00
db: JVNDB, id: JVNDB-2019-004488, date: 2019-06-03T00:00:00
db: CNNVD, id: CNNVD-201905-338, date: 2019-05-13T00:00:00
db: NVD, id: CVE-2019-9726, date: 2019-05-13T17:29:03.987