CVE-2019-11894

Name of the Vulnerable Software and Affected Versions Bosch Smart Home Controller versions prior to 9.8.905

Description A potential improper access control issue exists in the backup mechanism of the Bosch Smart Home Controller. This issue may allow unauthorized download of a backup. To exploit this, an adversary must download the backup directly after a legitimate user has triggered a backup.

Recommendations For versions prior to 9.8.905, update to version 9.8.905 or later to resolve the issue. As a temporary workaround, consider restricting access to the backup mechanism to minimize the risk of exploitation.