HMCCU-154: Session ID Persistence Vulnerability in eQ-3 HomeMatic CCU2 and CCU3 Devices

CVE-2019-10120 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154.
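The failure mode described above, modelled as an added example; this is not code from the CCU firmware or from eQ-3. `SessionStore`, `set_auto_login` and `accepts_logged_out_session` are hypothetical names, and the in-memory session table is an assumption about how a server tracks sessions. The check at the end is a regression test a maintainer could keep: a session ID must be rejected once its owner has logged out.

```python
import secrets


class SessionStore:
    """Minimal server-side session table (constructed model, not CCU code)."""

    def __init__(self, invalidate_on_logout):
        self.invalidate_on_logout = invalidate_on_logout
        self._sessions = {}     # session_id -> username
        self.auto_login = None  # account configured for automatic login

    def login(self, username):
        sid = secrets.token_hex(16)
        self._sessions[sid] = username
        return sid

    def logout(self, sid):
        if self.invalidate_on_logout:
            # Hardened: drop the server-side entry so the ID is dead everywhere.
            self._sessions.pop(sid, None)
        # Flawed variant: nothing changes server-side; only the client
        # forgets the ID, so any copy of it keeps working.

    def set_auto_login(self, sid, username):
        """Privileged setting change; authorised purely by the session table."""
        if sid not in self._sessions:
            raise PermissionError("session invalid or logged out")
        self.auto_login = username


def accepts_logged_out_session(store):
    """Regression check: True if a logged-out session ID is still honoured."""
    sid = store.login("admin")
    store.logout(sid)
    try:
        store.set_auto_login(sid, "admin")
    except PermissionError:
        return False
    return True


if __name__ == "__main__":
    for hardened in (False, True):
        store = SessionStore(invalidate_on_logout=hardened)
        stale_ok = accepts_logged_out_session(store)
        print(f"invalidate_on_logout={hardened}: stale session accepted={stale_ok}")
```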
