Vulnerabilities > Bosch > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-6781 Improper Certificate Validation vulnerability in Bosch Smart Home
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.
network
bosch CWE-295
5.8
2020-02-07 CVE-2020-6768 Path Traversal vulnerability in Bosch products
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server.
network
low complexity
bosch CWE-22
5.0
2020-02-07 CVE-2020-6769 Missing Authentication for Critical Function vulnerability in Bosch products
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway.
network
low complexity
bosch CWE-306
6.4
2020-02-06 CVE-2020-6767 Path Traversal vulnerability in Bosch products
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server.
network
low complexity
bosch CWE-22
4.0
2019-09-12 CVE-2019-11899 Information Exposure vulnerability in Bosch Access 2.1/3.3/3.7
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation.
network
low complexity
bosch CWE-200
4.0
2019-09-12 CVE-2019-11898 Use of Hard-coded Credentials vulnerability in Bosch Access 2.1/3.3/3.7
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools.
network
low complexity
bosch CWE-798
6.5
2019-08-21 CVE-2019-11603 Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root.
network
low complexity
bosch CWE-22
5.0
2019-08-21 CVE-2019-11602 Information Exposure Through an Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.
network
low complexity
bosch CWE-209
5.0
2019-08-21 CVE-2019-11897 Server-Side Request Forgery (SSRF) vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs.
network
low complexity
bosch CWE-918
5.0
2019-05-29 CVE-2019-11896 Permission Issues vulnerability in Bosch Smart Home Controller Firmware
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions.
network
bosch CWE-275
6.8