CRITICAL🇵🇱 Wersja polska

CVE-2021-23847

CVSS 9.8v3.1pub. 2021-06-09upd. 2024-11-21

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bosch Cpp6

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp6 Firmware

    OS
    Bosch
    7.707.727.80 – 7.80.0129 (bez)
  • Bosch Cpp7

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp7.3

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp7.3 Firmware

    OS
    Bosch
    7.707.727.80 – 7.80.0129 (bez)
  • Bosch Cpp7 Firmware

    OS
    Bosch
    7.707.727.80 – 7.80.0129 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-23849HIGH7.5ten sam produkt

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an ...

CVE-2021-23848HIGH8.3ten sam produkt

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-bas...

CVE-2021-23853HIGH8.3ten sam produkt

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP header...

CVE-2021-23854HIGH8.3ten sam produkt

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting ...

CVE-2022-41677MEDIUM5.3ten sam produkt

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated ...