Neom22

Name of the Vulnerable Software and Affected Versions: Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware version 4.54.0026 Description: The issue allows remote attackers to conduct XML injection attacks. This is achieved via the `idstring` parameter to the "rcp.xml" endpoint. Recommendations: For Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware version 4.54.0026, avoid using the `idstring` parameter in the "rcp.xml" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "rcp.xml" endpoint to minimize the risk of exploitation.