BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBosch Bf Os
OSBosch3.0 – 3.83
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2022-36302HIGH8.8ten sam produkt
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modi...
CVE-2021-23859CRITICAL9.1ten sam vendor
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...
CVE-2021-23856CRITICAL10.0ten sam vendor
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a ...
CVE-2021-23857CRITICAL10.0ten sam vendor
Login with hash: The login routine allows the client to log in to the system not by using the password, but by...
CVE-2021-23847CRITICAL9.8ten sam vendor
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to...