HIGH🇬🇧 English

CVE-2023-39509

CVSS 7.2v3.1pub. 2023-12-18upd. 2024-11-21

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Bosch Cpp13

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp13 Firmware

    OS
    Bosch
    ≤ 8.90
  • Bosch Cpp14

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp14 Firmware

    OS
    Bosch
    8.20 – 8.81
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-23849HIGH7.5ten sam produkt

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an ...

CVE-2021-23853HIGH8.3ten sam produkt

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP header...

CVE-2021-23848HIGH8.3ten sam produkt

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-bas...

CVE-2021-23854HIGH8.3ten sam produkt

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting ...

CVE-2022-41677MEDIUM5.3ten sam produkt

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated ...