Vulnerabilities > CVE-2019-11894 - Unspecified vulnerability in Bosch Smart Home Controller Firmware

CVSS 5.7 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

bosch

NVD

Published: 2019-05-29

Updated: 2020-10-06

Summary

A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed.

Vulnerable Configurations

Part	Description	Count
OS	Bosch Bosch Smart Home Controller Firmware -	1
Hardware	Bosch Bosch Smart Home Controller -	1

References

https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html