Vulnerabilities > CVE-2019-11892 - Unspecified vulnerability in Bosch Smart Home Controller Firmware

CVSS 8.0 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

bosch

NVD

Published: 2019-05-29

Updated: 2020-10-06

Summary

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.

Vulnerable Configurations

Part	Description	Count
OS	Bosch Bosch Smart Home Controller Firmware -	1
Hardware	Bosch Bosch Smart Home Controller -	1

References

https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html