.. / CVE-2019-9726

Exploit for Homematic CCU3 - Local File Inclusion (CVE-2019-9726)

Description:

eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device’s filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

Nuclei Template

View the template here CVE-2019-9726.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-9726.yaml

References:

https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2019-9726
https://atomic111.github.io/article/homematic-ccu3-fileread

.. / CVE-2019-9726 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Homematic CCU3 - Local File Inclusion (CVE-2019-9726)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-9726