PT-2020-19221 · Bosch · Bosch Divar Ip 5000+2

Published: 2020-02-07 · Updated: 2020-02-12 · CVE-2020-6769

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bosch Video Streaming Gateway versions 6.42.10 and older, 6.43 <= 6.43.0023, 6.44 <= 6.44.022, 6.45 <= 6.45.08
Bosch DIVAR IP 2000 versions <= 3.62.0019
Bosch DIVAR IP 5000 versions <= 3.80.0039

Description

The issue allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway, impacting the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG.

Recommendations

For Bosch Video Streaming Gateway versions 6.42.10 and older, 6.43 <= 6.43.0023, 6.44 <= 6.44.022, 6.45 <= 6.45.08, update to a version outside of the affected range to resolve the issue.
For Bosch DIVAR IP 2000 versions <= 3.62.0019, update to a version outside of the affected range to resolve the issue.
For Bosch DIVAR IP 5000 versions <= 3.80.0039, update to a version outside of the affected range and ensure that port 8023 is not opened in the device's firewall to prevent exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-6769

Affected Products

Bosch Divar Ip 2000
Bosch Divar Ip 5000
Bosch Video Streaming Gateway