CRITICAL🇬🇧 English

CVE-2022-36301

CVSS 9.8v3.1pub. 2022-08-01upd. 2024-11-21

BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bosch Bf Os

    OS
    Bosch
    3.0 – 3.83
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-36302HIGH8.8ten sam produkt

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modi...

CVE-2021-23859CRITICAL9.1ten sam vendor

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...

CVE-2021-23856CRITICAL10.0ten sam vendor

The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a ...

CVE-2021-23857CRITICAL10.0ten sam vendor

Login with hash: The login routine allows the client to log in to the system not by using the password, but by...

CVE-2021-23847CRITICAL9.8ten sam vendor

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to...

CVE-2022-36301 — CRITICAL 9.8 | CVEbaza.pl