CVE-2021-23846

Name of the Vulnerable Software and Affected Versions: Bosch B426 versions prior to 3.11.5

Description: The issue allows an attacker to obtain user passwords through a Man-In-The-Middle (MITM) attack when using the http protocol, as passwords are transmitted as clear text parameters.

Recommendations: For versions prior to 3.11.5, update to Firmware version 3.11.5 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the http protocol until the update is available. Restrict access to the web configuration interface to minimize the risk of exploitation.