Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:LBosch Divar Ip 5000
HWBoschwszystkie wersjeBosch Divar Ip 5000 Firmware
OSBosch3.80 – 3.80.0039 (bez)Bosch Video Management System
APPBosch3.70.00563.70.00583.70.00603.70.00623.71.00223.71.00293.71.00313.71.00323.81.00323.81.00383.81.0048Bosch Video Recording Manager
APPBosch3.81 – 3.81.0050 (bez)3.70 – 3.71.0034 (bez)
Related vulnerabilities
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthentica...
A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and...
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an un...
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user ...