PT-2021-3730 · Bosch · Bosch Ip Cameras

Alexander Nochvay

Published

2021-06-09

Updated

2021-06-22

CVE-2021-23847

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Bosch IP cameras versions 7.70 through 7.80 prior to B128

Description A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. The vulnerability affects devices of the CPP6, CPP7, and CPP7.3 family.

Recommendations For versions 7.70 through 7.80 prior to B128, update the firmware to a version that includes the fix for this issue, specifically B128 or later. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.

Fix

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

BDU:2021-03970

CVE-2021-23847

Affected Products

Bosch Ip Cameras

PT-2021-3730 · Bosch · Bosch Ip Cameras

CVE-2021-23847

Weakness Enumeration

Related Identifiers

Affected Products

References · 6