ID

VAR-201905-0206


CVE

CVE-2019-9727


TITLE

eQ-3 AG Homematic CCU3 Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-004486

DESCRIPTION

Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. eQ-3 AG Homematic CCU3 contains vulnerabilities related to certificate and password management. Information may be obtained. eQ-3 AG Homematic CCU3 is a set of home automation control equipment from eQ-3 AG of Germany. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.

Trust: 2.25

sources: NVD: CVE-2019-9727 // JVNDB: JVNDB-2019-004486 // CNVD: CNVD-2019-14693 // VULHUB: VHN-161162

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-14693

AFFECTED PRODUCTS

vendor: eq 3, model: ccu3, scope: lte, version: 3.43.15

Trust: 1.8

vendor: eq 3, model: ag homematic ccu3, scope: lte, version: <=3.43.15

Trust: 0.6

sources: CNVD: CNVD-2019-14693 // JVNDB: JVNDB-2019-004486 // NVD: CVE-2019-9727

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9727
value: HIGH

Trust: 1.0

NVD: CVE-2019-9727
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-14693
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-336
value: HIGH

Trust: 0.6

VULHUB: VHN-161162
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9727
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-14693
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-161162
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9727
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-14693 // VULHUB: VHN-161162 // JVNDB: JVNDB-2019-004486 // CNNVD: CNNVD-201905-336 // NVD: CVE-2019-9727

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-161162 // JVNDB: JVNDB-2019-004486 // NVD: CVE-2019-9727

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-336

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201905-336

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004486

PATCH

title: Top Page, url: https://www.eq-3.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-004486

EXTERNAL IDS

db: NVD, id: CVE-2019-9727

Trust: 3.1

db: JVNDB, id: JVNDB-2019-004486

Trust: 0.8

db: CNNVD, id: CNNVD-201905-336

Trust: 0.7

db: CNVD, id: CNVD-2019-14693

Trust: 0.6

db: VULHUB, id: VHN-161162

Trust: 0.1

sources: CNVD: CNVD-2019-14693 // VULHUB: VHN-161162 // JVNDB: JVNDB-2019-004486 // CNNVD: CNNVD-201905-336 // NVD: CVE-2019-9727

REFERENCES

url: https://atomic111.github.io/article/homematic-ccu3-unauthenticated-password-hash-disclosure

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-9727

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9727

Trust: 0.8

url: https://web.nvd.nist.gov//vuln/detail/cve-2019-9727

Trust: 0.6

sources: CNVD: CNVD-2019-14693 // VULHUB: VHN-161162 // JVNDB: JVNDB-2019-004486 // CNNVD: CNNVD-201905-336 // NVD: CVE-2019-9727

SOURCES

db: CNVD, id: CNVD-2019-14693
db: VULHUB, id: VHN-161162
db: JVNDB, id: JVNDB-2019-004486
db: CNNVD, id: CNNVD-201905-336
db: NVD, id: CVE-2019-9727

LAST UPDATE DATE

2024-11-23T22:51:49.172000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-14693, date: 2019-05-17T00:00:00
db: VULHUB, id: VHN-161162, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-004486, date: 2019-06-03T00:00:00
db: CNNVD, id: CNNVD-201905-336, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-9727, date: 2024-11-21T04:52:11.250

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-14693, date: 2019-05-17T00:00:00
db: VULHUB, id: VHN-161162, date: 2019-05-13T00:00:00
db: JVNDB, id: JVNDB-2019-004486, date: 2019-06-03T00:00:00
db: CNNVD, id: CNNVD-201905-336, date: 2019-05-13T00:00:00
db: NVD, id: CVE-2019-9727, date: 2019-05-13T17:29:04.223