A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HBosch Cpp13
HWBoschwszystkie wersjeBosch Cpp13 Firmware
OSBosch≤ 8.90Bosch Cpp14
HWBoschwszystkie wersjeBosch Cpp14 Firmware
OSBosch8.20 – 8.81
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2021-23849HIGH7.5ten sam produkt
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an ...
CVE-2021-23853HIGH8.3ten sam produkt
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP header...
CVE-2021-23848HIGH8.3ten sam produkt
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-bas...
CVE-2021-23854HIGH8.3ten sam produkt
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting ...
CVE-2022-41677MEDIUM5.3ten sam produkt
An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated ...