CVE-2019-9584

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.
Configurations

Configuration 1


Information

Published : 2019-08-14 09:15

Updated : 2020-08-24 05:37


NVD link : CVE-2019-9584

Mitre link : CVE-2019-9584

Products Affected
CWE
CWE-425

Direct Request ('Forced Browsing')