1500Sp2

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

bosch

CWE-862

critical

NVD

Published: 2024-01-10

Updated: 2024-01-16

Summary

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.

Vulnerable Configurations

Part	Description	Count
OS	Bosch Bosch Nexo OS 1000 Bosch Nexo OS 1500-Sp2	2
Hardware	Bosch Bosch Nexo Cordless Nutrunner Nxa011S 36V B (0608842012) - Bosch Nexo Cordless Nutrunner Nxa011S 36V (0608842011) - Bosch Nexo Cordless Nutrunner Nxa015S 36V B (0608842006) - Bosch Nexo Cordless Nutrunner Nxa015S 36V (0608842001) - Bosch Nexo Cordless Nutrunner Nxa030S 36V B (0608842007) - Bosch Nexo Cordless Nutrunner Nxa030S 36V (0608842002) - Bosch Nexo Cordless Nutrunner Nxa050S 36V B (0608842008) - Bosch Nexo Cordless Nutrunner Nxa050S 36V (0608842003) - Bosch Nexo Cordless Nutrunner Nxa065S 36V B (0608842014) - Bosch Nexo Cordless Nutrunner Nxa065S 36V (0608842013) - Bosch Nexo Cordless Nutrunner Nxp012Qd 36V B (0608842010) - Bosch Nexo Cordless Nutrunner Nxp012Qd 36V (0608842005) - Bosch Nexo Cordless Nutrunner Nxv012T 36V B (0608842016) - Bosch Nexo Cordless Nutrunner Nxv012T 36V (0608842015) - Bosch Nexo Special Cordless Nutrunner (0608Pe2272) - Bosch Nexo Special Cordless Nutrunner (0608Pe2301) - Bosch Nexo Special Cordless Nutrunner (0608Pe2514) - Bosch Nexo Special Cordless Nutrunner (0608Pe2515) - Bosch Nexo Special Cordless Nutrunner (0608Pe2666) - Bosch Nexo Special Cordless Nutrunner (0608Pe2673) -	20

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html