My IDPS system warned me about an issue with the Homematic(IP) Local for OpenCCU integration accessing my CCU3:
“ET EXPLOIT HTTP POST with Common Ruby RCE Technique in Body”
Maybe somebody with more technical insights could check if the integration has been compromised or if it just a false positive?
Thanks in advance!
Likely your firewall has identified an attempt against the port of your Homematic with the exploit you are referring to.
Exactly, but the source was my Home Assistant server, target my CCU. So I guess there’s code in the integration triggering this alarm. As I can’t check the validity of the code by myself, maybe somebody with more knowledge on this can run a check on the code, just to make sure that the code repository hasn’t been compromised?
Why not asking the integrations maintainer?
If you approach the maintainers then make sure you have plenty info on what the warning means.
The warning text is not enough to understand what your IDS is tripping about.