Adrián Quirós Godoy

**Name of the Vulnerable Software and Affected Versions** Bosch DIVAR IP 2000 versions 3.10 through 3.62 Bosch DIVAR IP 5000 versions 3.10 through 3.62 Video Recording Manager (VRM) versions 3.20 through 3.62 Bosch Video Management System (BVMS) versions 3.50.00XX through 3.60.00XX **Description** An Open Redirect issue in the webserver affects several Bosch products, potentially allowing a remote attacker to redirect users to an arbitrary URL. **Recommendations** For Bosch DIVAR IP 2000 versions 3.10 through 3.62, update to version 3.62.0019 or newer. For Bosch DIVAR IP 5000 versions 3.10 through 3.62, update to version 3.80.0033 or newer. For Video Recording Manager (VRM) versions 3.20 through 3.62, update to version 3.70.0056 or newer, or version 3.81.0032 or newer. For Bosch Video Management System (BVMS) versions 3.50.00XX through 3.60.00XX, update to version 7.5 or version 3.70.0056.

**Name of the Vulnerable Software and Affected Versions** Bosch DIVAR IP 2000 versions 3.10 through 3.62 Bosch DIVAR IP 5000 versions 3.10 through 3.62 Video Recording Manager (VRM) versions 3.10 through 3.71 before 3.71.0032 Bosch Video Management System (BVMS) versions 3.50.00XX through 3.70.0056 **Description** A Path Traversal issue affects several Bosch hardware and software products, potentially allowing a remote authorized user to access arbitrary files on the system via the network interface. **Recommendations** For Bosch DIVAR IP 2000 versions 3.10 through 3.62, update to version 3.62.0019 or newer. For Bosch DIVAR IP 5000 versions 3.10 through 3.62, update to version 3.80.0033 or newer. For Video Recording Manager (VRM) versions 3.10 through 3.71 before 3.71.0032, update to version 3.71.0032 or newer. For Bosch Video Management System (BVMS) versions 3.50.00XX through 3.70.0056, update to version 7.5 or 3.71.0032.