Vulnerabilities > Bosch

DATE CVE VULNERABILITY TITLE RISK
2021-06-18 CVE-2021-23845 Unspecified vulnerability in Bosch products
This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page.
network
bosch
6.8
2021-06-18 CVE-2021-23846 Cleartext Transmission of Sensitive Information vulnerability in Bosch B426 Firmware
When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack.
network
bosch CWE-319
4.3
2021-06-09 CVE-2021-23847 Missing Authentication for Critical Function vulnerability in Bosch Cpp6 Firmware, Cpp7.3 Firmware and Cpp7 Firmware
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device.
network
low complexity
bosch CWE-306
6.4
2021-06-09 CVE-2021-23848 Cross-Site Scripting vulnerability in Bosch products
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface.
network
bosch CWE-79
4.3
2021-06-09 CVE-2021-23852 Resource Exhaustion vulnerability in Bosch products
An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).
network
low complexity
bosch CWE-400
4.0
2021-06-09 CVE-2021-23853 Improper Input Validation vulnerability in Bosch products
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.
network
low complexity
bosch CWE-20
7.5
2021-06-09 CVE-2021-23854 Cross-Site Scripting vulnerability in Bosch products
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface.
network
bosch CWE-79
4.3
2021-03-25 CVE-2020-6790 Uncontrolled Search Path Element vulnerability in Bosch Video Streaming Gateway
Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9
2021-03-25 CVE-2020-6789 Uncontrolled Search Path Element vulnerability in Bosch Monitor Wall 10.00.0164
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9
2021-03-25 CVE-2020-6788 Uncontrolled Search Path Element vulnerability in Bosch Configuration Manager
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9