Vulnerabilities > Bosch > Nexo OS > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-48252 Unspecified vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.
network
low complexity
bosch
8.8
2024-01-10 CVE-2023-48253 SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.
network
low complexity
bosch CWE-89
8.8
2024-01-10 CVE-2023-48257 Improper Authentication vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device.
network
low complexity
bosch CWE-287
8.8
2024-01-10 CVE-2023-48258 Cross-Site Request Forgery (CSRF) vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session.
network
low complexity
bosch CWE-352
8.1
2024-01-10 CVE-2023-48259 SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
network
low complexity
bosch CWE-89
7.5
2024-01-10 CVE-2023-48260 SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
network
low complexity
bosch CWE-89
7.5
2024-01-10 CVE-2023-48261 SQL Injection vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
network
low complexity
bosch CWE-89
7.5
2024-01-10 CVE-2023-48243 Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.
network
low complexity
bosch CWE-22
8.8
2024-01-10 CVE-2023-48247 Missing Authorization vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
network
low complexity
bosch CWE-862
7.5