Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HBosch Video Management System Mobile Video Service
APPBosch8.0 – 8.0.0.3299.0 – 9.0.0.82710.0 – 10.0.0.1225≤ 7.5Bosch Divar Ip 3000
HWBoschwszystkie wersjeBosch Divar Ip 3000 Firmware
OSBoschwszystkie wersjeBosch Divar Ip 7000
HWBoschwszystkie wersjeBosch Divar Ip 7000 Firmware
OSBoschwszystkie wersje
Related vulnerabilities
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthentica...
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user ...
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary c...
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauth...