PT-2020-7877 · Bosch Security Systems · Nbn-498 Dinion2X Day/Night Ip Cameras

Neom22

Published

2020-02-18

Updated

2020-02-27

CVE-2015-6970

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware version 4.54.0026

Description: The issue allows remote attackers to conduct XML injection attacks. This is achieved via the idstring parameter to the "rcp.xml" endpoint.

Recommendations: For Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware version 4.54.0026, avoid using the idstring parameter in the "rcp.xml" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "rcp.xml" endpoint to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-91

Related Identifiers

CVE-2015-6970

Affected Products

Nbn-498 Dinion2X Day/Night Ip Cameras

PT-2020-7877 · Bosch Security Systems · Nbn-498 Dinion2X Day/Night Ip Cameras

CVE-2015-6970

Weakness Enumeration

Related Identifiers

Affected Products

References · 2