Vulnerabilities > Bosch

DATE CVE VULNERABILITY TITLE RISK
2022-03-30 CVE-2021-23850 Classic Buffer Overflow vulnerability in Bosch products
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash.
network
low complexity
bosch CWE-120
6.5
2022-03-30 CVE-2021-23851 Classic Buffer Overflow vulnerability in Bosch products
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash.
network
low complexity
bosch CWE-120
6.5
2022-01-28 CVE-2021-23863 Cross-site Scripting vulnerability in Bosch Video Security
HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3.
network
bosch CWE-79
4.3
2022-01-19 CVE-2021-23842 Use of Hard-coded Credentials vulnerability in Bosch products
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish.
local
low complexity
bosch CWE-798
3.6
2022-01-19 CVE-2021-23843 Missing Authentication for Critical Function vulnerability in Bosch products
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains settings in AMC2 devices.
local
low complexity
bosch CWE-306
4.6
2021-12-08 CVE-2021-23859 Improper Handling of Exceptional Conditions vulnerability in Bosch products
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash.
network
low complexity
bosch CWE-755
5.0
2021-12-08 CVE-2021-23860 Cross-site Scripting vulnerability in Bosch products
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface.
network
bosch CWE-79
4.3
2021-12-08 CVE-2021-23861 Command Injection vulnerability in Bosch products
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software.
network
low complexity
bosch CWE-77
5.5
2021-12-08 CVE-2021-23862 Command Injection vulnerability in Bosch products
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context.
network
low complexity
bosch CWE-77
critical
9.0
2021-10-04 CVE-2021-23855 Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch products
The user and password data base is exposed by an unprotected web server resource.
network
low complexity
bosch CWE-916
5.0