
This issue only affects versions 7.7x and 7.6x. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter "Modified CVSS Scores" for CVE-2021-23859.

An error in the handling of a page parameter in Bosch IP cameras may lead to reflected cross-site scripting (XSS) in the web-based interface. On some products the interface is only locally accessible, lowering the CVSS base score.

An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation, this crash also opens the possibility to send further unauthenticated commands to the service.

HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3 or earlier, when successfully exploited, allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacker.

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. In combination with CVE-2022-23534 this could give an attacker root access to the switch. The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege.

The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights.
