HIGH🇵🇱 Wersja polska

CVE-2023-39509

CVSS 7.2v3.1pub. 2023-12-18upd. 2024-11-21

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Bosch Cpp13

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp13 Firmware

    OS
    Bosch
    ≤ 8.90
  • Bosch Cpp14

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp14 Firmware

    OS
    Bosch
    8.20 – 8.81
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-23849HIGH7.5ten sam produkt

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an ...

CVE-2021-23853HIGH8.3ten sam produkt

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP header...

CVE-2021-23848HIGH8.3ten sam produkt

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-bas...

CVE-2021-23854HIGH8.3ten sam produkt

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting ...

CVE-2022-41677MEDIUM5.3ten sam produkt

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated ...