Vulnerabilities > Bosch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-23861 | Unspecified vulnerability in Bosch products By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. | 6.5 |
| 2021-12-08 | CVE-2021-23862 | OS Command Injection vulnerability in Bosch products A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. | 7.2 |
| 2021-10-04 | CVE-2021-23855 | Inadequate Encryption Strength vulnerability in Bosch products The user and password data base is exposed by an unprotected web server resource. | 7.5 |
| 2021-10-04 | CVE-2021-23856 | Cross-site Scripting vulnerability in Bosch products The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | 6.1 |
| 2021-10-04 | CVE-2021-23857 | Improper Authentication vulnerability in Bosch products Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. | 9.8 |
| 2021-10-04 | CVE-2021-23858 | Missing Authentication for Critical Function vulnerability in Bosch products Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. | 7.5 |
| 2021-08-05 | CVE-2021-23849 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch products A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). | 8.8 |
| 2021-06-18 | CVE-2021-23845 | Unspecified vulnerability in Bosch products This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. | 8.8 |
| 2021-06-18 | CVE-2021-23846 | Cleartext Transmission of Sensitive Information vulnerability in Bosch B426 Firmware When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. | 5.9 |
| 2021-06-09 | CVE-2021-23847 | Missing Authentication for Critical Function vulnerability in Bosch Cpp6 Firmware, Cpp7.3 Firmware and Cpp7 Firmware A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. | 9.1 |