CVE-2019-9726
published 2019-05-13

Priority: P2 66 high
CVSS 3.0: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 15.73% (96.5th percentile)

Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

Affected

1 range
Vendor | Product | Version range | Fixed in
eq-3 | ccu3_firmware | <= 3.43.15 |

Detection & IOCs (extracted from sources)

path: /.%00./.%00./etc/passwd
  • Send a GET request to the path /.%00./.%00./etc/passwd on the target device; a successful LFI response will contain 'root:.*:0:0:' or 'bin:.*:0:0:' in the response body with HTTP 200.
  • The exploit is unauthenticated — no session token or credentials are required. Any HTTP GET to the traversal path from an unauthenticated client is a valid attack attempt.
  • Affected versions are CCU3 firmware 3.43.15 and earlier; detections should be scoped to devices running these versions.
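
One way to apply the detection notes above to web access logs, as an added example that is not part of the original entry. It generalizes the listed path to any request whose path contains `..` segments once NUL bytes are removed. The Common/Combined Log Format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed layout: Common/Combined Log Format (the page does not name a log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_nul_traversal(target: str) -> bool:
    """True when the request path hides '..' segments behind NUL bytes."""
    path = target.split("?", 1)[0]
    raw = unquote_to_bytes(path)          # '%00' -> b'\x00'
    if b"\x00" not in raw:
        return False
    # Dropping the NULs shows what a NUL-stripping path handler would resolve.
    return b".." in raw.replace(b"\x00", b"").split(b"/")

def classify(line: str):
    """Return a finding dict for a matching log line, else None."""
    m = LOG_RE.match(line)
    if not m or not is_nul_traversal(m["target"]):
        return None
    # HTTP 200 only suggests the read succeeded; confirming it needs the
    # response body (the passwd patterns listed above), which logs lack.
    verdict = "likely_read" if m["status"] == "200" else "attempt"
    return {"ip": m["ip"], "target": m["target"], "status": int(m["status"]),
            "authenticated": m["user"] != "-", "verdict": verdict}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2019:10:00:01 +0000] "GET /.%00./.%00./etc/passwd HTTP/1.1" 200 1024',
    '192.0.2.11 - - [13/May/2019:10:00:05 +0000] "GET /.%00./.%00./etc/passwd HTTP/1.1" 403 0',
    '192.0.2.12 - - [13/May/2019:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.13 - - [13/May/2019:10:00:12 +0000] "GET /files/a%00b.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Findings with verdict `likely_read` on a device running firmware 3.43.15 or earlier are the ones to triage first.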

CVSS provenance

nvd | v3.0 | 7.5 HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N