Vulnerabilities > Bosch > Nexo OS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-10 | CVE-2023-48251 | Use of Hard-coded Credentials vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. | 9.8 |
2024-01-10 | CVE-2023-48252 | Unspecified vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | 8.8 |
2024-01-10 | CVE-2023-48253 | SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts. | 8.8 |
2024-01-10 | CVE-2023-48254 | Cross-site Scripting vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. | 6.1 |
2024-01-10 | CVE-2023-48255 | Cross-site Scripting vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log. | 6.1 |
2024-01-10 | CVE-2023-48256 | Interpretation Conflict vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. | 6.3 |
2024-01-10 | CVE-2023-48257 | Improper Authentication vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. | 8.8 |
2024-01-10 | CVE-2023-48258 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. | 8.1 |
2024-01-10 | CVE-2023-48259 | SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | 7.5 |
2024-01-10 | CVE-2023-48260 | SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2 The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | 7.5 |