eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "1.6.8c"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.8c"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.8b"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.8a"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.7c"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.7b"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.7a"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.7"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.6"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.5"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.4"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.3"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.2"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.0"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.8"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.8b"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.8a"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.8"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.7c"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.7b"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.7a"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.7"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.6"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.5"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.4"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.3"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.2"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.0"
}
]
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18938.json"
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.24.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.47.18"
}
]
}
]