Vulnerabilities > Bosch
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-04 | CVE-2021-23855 | Inadequate Encryption Strength vulnerability in Bosch products The user and password database is exposed by an unprotected web server resource. | 5.0 |
2021-10-04 | CVE-2021-23856 | Cross-site Scripting vulnerability in Bosch products The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | 4.3 |
2021-10-04 | CVE-2021-23857 | Improper Authentication vulnerability in Bosch products Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. | 10.0 |
2021-10-04 | CVE-2021-23858 | Missing Authentication for Critical Function vulnerability in Bosch products Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. | 7.8 |
2021-08-05 | CVE-2021-23849 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch products A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). | 6.8 |
2021-06-18 | CVE-2021-23845 | Unspecified vulnerability in Bosch products This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. | 6.8 |
2021-06-18 | CVE-2021-23846 | Cleartext Transmission of Sensitive Information vulnerability in Bosch B426 Firmware When the HTTP protocol is used, the user password is transmitted as a cleartext parameter, which an attacker can obtain through a MITM attack. | 4.3 |
2021-06-09 | CVE-2021-23847 | Missing Authentication for Critical Function vulnerability in Bosch Cpp6 Firmware, Cpp7.3 Firmware and Cpp7 Firmware A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. | 6.4 |
2021-06-09 | CVE-2021-23848 | Cross-site Scripting vulnerability in Bosch products An error in the URL handler of Bosch IP cameras may lead to a reflected cross-site scripting (XSS) in the web-based interface. | 4.3 |
2021-06-09 | CVE-2021-23852 | Resource Exhaustion vulnerability in Bosch products An authenticated attacker with administrator rights on Bosch IP cameras can call a URL with an invalid parameter that causes the camera to become unresponsive for a few seconds, resulting in a Denial of Service (DoS). | 4.0 |