CVE-2018-7298: Downloading Firmware via Plain HTTP in HomeMatic CCU2

Background HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU2 is a central control unit, which is responsible for integrating these components with each other. From the vendor’s website (eQ-3): “The Homematic Central Control...


CVE-2018-7300: Arbitrary File Upload / Remote Code Execution in HomeMatic CCU2

Background HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU2 is a central control unit, which is responsible for integrating these components with each other. From the vendor’s website (eQ-3): “The Homematic Central Control...


CVE-2018-7299: Untrusted Addon Installation / Remote Code Execution in HomeMatic CCU2

Background HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU2 is a central control unit, which is responsible for integrating these components with each other. From the vendor’s website (eQ-3): “The Homematic Central Control...


CVE-2018-7297: Remote Code Execution in HomeMatic CCU2

Background HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU2 is a central control unit, which is responsible for integrating these components with each other. From the vendor’s website (eQ-3): “The Homematic Central Control...


CVE-2018-7296: Directory Traversal / Arbitrary File Read in HomeMatic CCU2

Background HomeMatic is a home automation system consisting of various components for automating several parts of a building, including different sensors and actuators. The HomeMatic CCU2 is a central control unit, which is responsible for integrating these components with each other. From the vendor’s website (eQ-3): “The Homematic Central Control...