Open XML-RPC Port Without Authentication in eQ-3 AG HomeMatic CCU2 2.29.22 Devices

Open XML-RPC Port Without Authentication in eQ-3 AG HomeMatic CCU2 2.29.22 Devices

CVE-2018-7301 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.

Learn more about our Web Application Penetration Testing UK.