Vulnerabilities > Bosch > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-04 | CVE-2021-23857 | Improper Authentication vulnerability in Bosch products. Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. | 9.8 |
2021-06-09 | CVE-2021-23847 | Missing Authentication for Critical Function vulnerability in Bosch Cpp6 Firmware, Cpp7.3 Firmware and Cpp7 Firmware. A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. | 9.1 |
2021-06-09 | CVE-2021-23853 | Improper Input Validation vulnerability in Bosch products. In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. | 9.8 |
2021-02-26 | CVE-2019-11684 | Missing Authentication for Critical Function vulnerability in Bosch products. Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates stored in the underlying Microsoft Windows operating system. | 9.8 |
2021-01-26 | CVE-2020-6779 | Use of Hard-coded Credentials vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware. Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin privileges. | 10.0 |
2020-02-07 | CVE-2020-6770 | Deserialization of Untrusted Data vulnerability in Bosch products. Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. | 9.8 |
2020-02-07 | CVE-2020-6769 | Missing Authentication for Critical Function vulnerability in Bosch products. Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. | 9.1 |
2019-09-12 | CVE-2019-11898 | Use of Hard-coded Credentials vulnerability in Bosch Access 2.1/3.3/3.7. Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. | 9.9 |
2019-05-29 | CVE-2019-6958 | Missing Authentication for Critical Function vulnerability in Bosch products. A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). | 9.1 |
2019-05-29 | CVE-2019-6957 | Out-of-bounds Write vulnerability in Bosch products. A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). | 9.8 |