Vulnerabilities > Bosch
|2020-09-16||CVE-2020-6781|| Improper Certificate Validation vulnerability in Bosch Smart Home |
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.
| 5.8 |
|2020-05-27||CVE-2020-6774|| Exposure of Resource TO Wrong Sphere vulnerability in Bosch Recording Station Firmware |
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
| 7.2 |
|2020-02-07||CVE-2020-6770|| Deserialization of Untrusted Data vulnerability in Bosch products |
Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system.
| 10.0 |
|2020-02-07||CVE-2020-6768|| Path Traversal vulnerability in Bosch products |
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server.
| 5.0 |
|2020-02-07||CVE-2020-6769|| Missing Authentication FOR Critical Function vulnerability in Bosch products |
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway.
| 6.4 |
|2020-02-06||CVE-2020-6767|| Path Traversal vulnerability in Bosch products |
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server.
| 4.0 |
|2019-09-12||CVE-2019-11899|| Information Exposure vulnerability in Bosch Access 2.1/3.3/3.7 |
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation.
| 4.0 |
|2019-09-12||CVE-2019-11898|| USE of Hard-Coded Credentials vulnerability in Bosch Access 2.1/3.3/3.7 |
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools.
| 6.5 |
|2019-08-21||CVE-2019-11603|| Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK |
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root.
| 5.0 |
|2019-08-21||CVE-2019-11602|| Information Exposure Through AN Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK |
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.
| 5.0 |