CVE-2019-18939

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-18939

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18939.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-18939

Published

2019-11-14T19:15:13.410Z

Modified

2025-11-14T09:24:56.796852Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request.

References

https://psytester.github.io/CVE-2019-18939/

Affected packages

Git / github.com/litti/hm-print

Affected ranges

Type: GIT
Repo: https://github.com/litti/hm-print
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

92312b46211841ddf4ae42edf59dd007b0282539

Affected versions

1.*

1.2

1.2a

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18939.json"