MidnightBSD

Advisories for hm_email_project

CVE-2019-18938 HIGH

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
eq-3 homematic_ccu2_firmware 2.24.20
hm_email_project hm_email 1.6.3
hm_email_project hm_email 1.6.8
hm_email_project hm_email 1.6.4
hm_email_project hm_email 1.6.2
hm_email_project hm_email 1.6.8b
hm_email_project hm_email 1.6.8c
hm_email_project hm_email 1.6.7c
hm_email_project hm_email 1.6.7b
hm_email_project hm_email 1.6.0
hm_email_project hm_email 1.6.7a
hm_email_project hm_email 1.6.8a
hm_email_project hm_email 1.6.5
eq-3 homematic_ccu3_firmware 3.47.18
hm_email_project hm_email 1.6.7
hm_email_project hm_email 1.6.6