Vulnerabilities > Bosch

DATE CVE VULNERABILITY TITLE RISK
2021-10-04 CVE-2021-23855 Inadequate Encryption Strength vulnerability in Bosch products
The user and password data base is exposed by an unprotected web server resource.
network
low complexity
bosch CWE-326
5.0
2021-10-04 CVE-2021-23856 Cross-site Scripting vulnerability in Bosch products
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.
network
bosch CWE-79
4.3
2021-10-04 CVE-2021-23857 Improper Authentication vulnerability in Bosch products
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password.
network
low complexity
bosch CWE-287
critical
10.0
2021-10-04 CVE-2021-23858 Missing Authentication for Critical Function vulnerability in Bosch products
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication.
network
low complexity
bosch CWE-306
7.8
2021-08-05 CVE-2021-23849 Cross-Site Request Forgery (CSRF) vulnerability in Bosch products
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery).
network
bosch CWE-352
6.8
2021-06-18 CVE-2021-23845 Unspecified vulnerability in Bosch products
This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page.
network
bosch
6.8
2021-06-18 CVE-2021-23846 Cleartext Transmission of Sensitive Information vulnerability in Bosch B426 Firmware
When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack.
network
bosch CWE-319
4.3
2021-06-09 CVE-2021-23847 Missing Authentication for Critical Function vulnerability in Bosch Cpp6 Firmware, Cpp7.3 Firmware and Cpp7 Firmware
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device.
network
low complexity
bosch CWE-306
6.4
2021-06-09 CVE-2021-23848 Cross-site Scripting vulnerability in Bosch products
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface.
network
bosch CWE-79
4.3
2021-06-09 CVE-2021-23852 Resource Exhaustion vulnerability in Bosch products
An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).
network
low complexity
bosch CWE-400
4.0