PT-2024-1181 · Bosch · Bosch Nexo Special Cordless Nutrunner+1

Andrea Palanca

Published

2024-01-08

Updated

2024-01-16

CVE-2023-48258

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner (affected versions not specified)

Description The issue is related to a cross-site request forgery vulnerability. It allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim's session.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

BDU:2024-00508

CVE-2023-48258

Affected Products

Bosch Nexo Cordless Nutrunner

Bosch Nexo Special Cordless Nutrunner

PT-2024-1181 · Bosch · Bosch Nexo Special Cordless Nutrunner+1

CVE-2023-48258

Weakness Enumeration

Related Identifiers

Affected Products

References · 8