Vulnerabilities > Bosch
|2022-03-30||CVE-2021-23850|| Classic Buffer Overflow vulnerability in Bosch products |
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash.
| 6.5 |
|2022-03-30||CVE-2021-23851|| Classic Buffer Overflow vulnerability in Bosch products |
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash.
| 6.5 |
|2022-01-28||CVE-2021-23863|| Cross-site Scripting vulnerability in Bosch Video Security |
HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3.
| 4.3 |
|2022-01-19||CVE-2021-23842|| Use of Hard-coded Credentials vulnerability in Bosch products |
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish.
| 3.6 |
|2022-01-19||CVE-2021-23843|| Missing Authentication for Critical Function vulnerability in Bosch products |
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices.
| 4.6 |
|2021-12-08||CVE-2021-23859|| Improper Handling of Exceptional Conditions vulnerability in Bosch products |
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash.
| 5.0 |
|2021-12-08||CVE-2021-23860|| Cross-site Scripting vulnerability in Bosch products |
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface.
| 4.3 |
|2021-12-08||CVE-2021-23861|| Command Injection vulnerability in Bosch products |
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software.
| 5.5 |
|2021-12-08||CVE-2021-23862|| Command Injection vulnerability in Bosch products |
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context.
| 9.0 |
|2021-10-04||CVE-2021-23855|| Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch products |
The user and password data base is exposed by an unprotected web server resource.
| 5.0 |