Uncontrolled Admin Access and Information Disclosure in eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3'

Uncontrolled Admin Access and Information Disclosure in eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3'

CVE-2019-13030 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.

Learn more about our Cis Benchmark Audit For Server Software.