Vulnerabilities > Bosch
|2021-10-04||CVE-2021-23858|| Insufficiently Protected Credentials vulnerability in Bosch products |
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication.
| 7.8 |
|2021-10-04||CVE-2021-23857|| Improper Authentication vulnerability in Bosch products |
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password.
| 10.0 |
|2021-10-04||CVE-2021-23856|| Cross-site Scripting vulnerability in Bosch products |
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.
| 4.3 |
|2021-10-04||CVE-2021-23855|| Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch products |
The user and password database is exposed by an unprotected web server resource.
| 5.0 |
|2021-08-05||CVE-2021-23849|| Cross-Site Request Forgery (CSRF) vulnerability in Bosch products |
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery).
| 6.8 |
|2021-06-18||CVE-2021-23846|| Cleartext Transmission of Sensitive Information vulnerability in Bosch B426 Firmware |
When the HTTP protocol is used, the user password is transmitted as a cleartext parameter, which an attacker can obtain through a MITM attack.
| 4.3 |
|2021-06-18||CVE-2021-23845|| Unspecified vulnerability in Bosch products |
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page.
| 6.8 |
|2021-06-09||CVE-2021-23854|| Cross-site Scripting vulnerability in Bosch products |
An error in the handling of a page parameter in Bosch IP cameras may lead to reflected cross-site scripting (XSS) in the web-based interface.
| 4.3 |
|2021-06-09||CVE-2021-23853|| Improper Input Validation vulnerability in Bosch products |
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.
| 7.5 |
|2021-06-09||CVE-2021-23852|| Resource Exhaustion vulnerability in Bosch products |
An authenticated attacker with administrator rights on Bosch IP cameras can call a URL with an invalid parameter that causes the camera to become unresponsive for a few seconds, causing a Denial of Service (DoS).
| 4.0 |