CVE-2019-9726
CVE-2019-9726
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 15.7%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
13 May 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
Affected products
n/a · n/a