eQ-3 Homematic CCU3 AddOn ‘Mediola NEO Server for Homematic CCU3’ prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.
View Full Alert
Related Posts
CVE-2019-1010009 (dglux_server)DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote Execution, Credential Leaks. The component is: IoT API. The attack vector is: Any Accessible Server.…
CVE-2019-1623 (meeting_server)A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to…
CVE-2019-7590 (exacqvision_server)ExacqVision Server?s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be…
