Vulnerabilities > Bosch

DATE CVE VULNERABILITY TITLE RISK
2021-10-04 CVE-2021-23858 Insufficiently Protected Credentials vulnerability in Bosch products
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication.
network
low complexity
bosch CWE-522
7.8
2021-10-04 CVE-2021-23857 Improper Authentication vulnerability in Bosch products
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password.
network
low complexity
bosch CWE-287
critical
10.0
2021-10-04 CVE-2021-23856 Cross-site Scripting vulnerability in Bosch products
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.
network
bosch CWE-79
4.3
2021-10-04 CVE-2021-23855 Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch products
The user and password database is exposed by an unprotected web server resource.
network
low complexity
bosch CWE-916
5.0
2021-08-05 CVE-2021-23849 Cross-Site Request Forgery (CSRF) vulnerability in Bosch products
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery).
network
bosch CWE-352
6.8
2021-06-18 CVE-2021-23846 Cleartext Transmission of Sensitive Information vulnerability in Bosch B426 Firmware
When the HTTP protocol is used, the user password is transmitted as a cleartext parameter, which an attacker can obtain through a MITM attack.
network
bosch CWE-319
4.3
2021-06-18 CVE-2021-23845 Unspecified vulnerability in Bosch products
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page.
network
bosch
6.8
2021-06-09 CVE-2021-23854 Cross-site Scripting vulnerability in Bosch products
An error in the handling of a page parameter in Bosch IP cameras may lead to reflected cross-site scripting (XSS) in the web-based interface.
network
bosch CWE-79
4.3
2021-06-09 CVE-2021-23853 Improper Input Validation vulnerability in Bosch products
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.
network
low complexity
bosch CWE-20
7.5
2021-06-09 CVE-2021-23852 Resource Exhaustion vulnerability in Bosch products
An authenticated attacker with administrator rights on Bosch IP cameras can call a URL with an invalid parameter that causes the camera to become unresponsive for a few seconds, resulting in a Denial of Service (DoS).
network
low complexity
bosch CWE-400
4.0