CRITICAL🇬🇧 English

CVE-2020-6770

CVSS 10.0v3.1pub. 2020-02-07upd. 2024-11-21

Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Bosch Video Management System Mobile Video Service

    APP
    Bosch
    8.0 – 8.0.0.3299.0 – 9.0.0.82710.0 – 10.0.0.1225≤ 7.5
  • Bosch Divar Ip 3000

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 3000 Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 7000

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 7000 Firmware

    OS
    Bosch
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
CWE
Referencje

Powiązane podatności

CVE-2021-23859CRITICAL9.1ten sam produkt

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...

CVE-2020-6769CRITICAL10.0ten sam produkt

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthentica...

CVE-2023-28175HIGH7.1ten sam produkt

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user ...

CVE-2021-23862HIGH7.2ten sam produkt

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary c...

CVE-2020-6768HIGH8.6ten sam produkt

A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauth...