CVE-2019-11892

Name of the Vulnerable Software and Affected Versions Bosch Smart Home Controller versions prior to 9.8.905

Description A potential improper access control issue exists in the JSON-RPC interface that may allow reading or modification of the configuration or triggering and restoring backups. To exploit this, an adversary must first successfully pair an app or service, which requires user interaction.

Recommendations For versions prior to 9.8.905, update to version 9.8.905 or later to resolve the issue. As a temporary workaround, consider restricting access to the JSON-RPC interface until the update is applied.