Vulnerability Details : CVE-2019-13030
Potential exploit
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a missing check in rc.d/97NeoServer.
Products affected by CVE-2019-13030
- cpe:2.3:a:mediola:neo_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-13030
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-13030
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
10.0
|
4.9
|
NIST | |
8.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
3.9
|
4.2
|
NIST |
CWE ids for CVE-2019-13030
-
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-13030
-
https://github.com/psytester/psytester.github.io/blob/master/_posts/hacking_and_pentests/CVEs/2019-06-29-CVE-2019-13030.md
psytester.github.io/2019-06-29-CVE-2019-13030.md at master · psytester/psytester.github.io · GitHubExploit;Third Party Advisory
-
https://psytester.github.io/CVE-2019-13030/
CVE-2019-13030 eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mExploit;Third Party Advisory
Jump to