PT-2019-12550 · Bosch · Bosch Smart Home Controller

Philip Kazmeier · Published 2019-05-29 · Updated 2020-10-06 · CVE-2019-11893

CVSS v3.1: 8.0 High

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Bosch Smart Home Controller (SHC) versions prior to 9.8.905

Description: A potential incorrect privilege assignment issue exists in the app permission update API, which may allow a restricted app to obtain default app permissions. To exploit this, an adversary must first successfully pair an app with restricted permissions, requiring user interaction.

Recommendations: For versions prior to 9.8.905, update to version 9.8.905 or later to resolve the issue. As a temporary workaround, consider restricting app pairing to minimize the risk of exploitation.

Fix

Improper Privilege Management

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers

CVE-2019-11893

Affected Products

Bosch Smart Home Controller