Filtered by vendor Bosch
Subscribe
Total
108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48253 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 8.8 HIGH |
| The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts. | |||||
| CVE-2023-48252 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 8.8 HIGH |
| The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | |||||
| CVE-2023-48251 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 8.1 HIGH |
| The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. | |||||
| CVE-2023-48250 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 8.1 HIGH |
| The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. | |||||
| CVE-2023-48249 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users. | |||||
| CVE-2023-48248 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file. | |||||
| CVE-2023-48247 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
| CVE-2023-48246 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
| CVE-2023-48245 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
| CVE-2023-48244 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. | |||||
| CVE-2023-48243 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 8.1 HIGH |
| The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. | |||||
| CVE-2023-48242 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
| CVE-2023-39509 | 1 Bosch | 4 Cpp13, Cpp13 Firmware, Cpp14 and 1 more | 2024-11-21 | N/A | 7.2 HIGH |
| A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | |||||
| CVE-2023-35867 | 1 Bosch | 20 Onvif Camera Event Driver Tool, Bosch Video Management System, Building Integration System Video Engine and 17 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks. | |||||
| CVE-2023-34999 | 1 Bosch | 1 Rts Vlink Virtual Matrix | 2024-11-21 | N/A | 8.4 HIGH |
| A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. | |||||
| CVE-2023-32230 | 1 Bosch | 7 Monitor Wall, Video Recording Manager, Video Streaming Gateway and 4 more | 2024-11-21 | N/A | 7.5 HIGH |
| An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. | |||||
| CVE-2023-32229 | 1 Bosch | 17 Autodome 7000i, Autodome 7100 Ir, Autodome Inteox 7000i and 14 more | 2024-11-21 | N/A | 4.9 MEDIUM |
| Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | |||||
| CVE-2023-29241 | 1 Bosch | 1 Building Integration System | 2024-11-21 | N/A | 8.1 HIGH |
| Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network | |||||
| CVE-2023-28175 | 1 Bosch | 16 Divar Ip 3000, Divar Ip 3000 Firmware, Divar Ip 4000 and 13 more | 2024-11-21 | N/A | 7.1 HIGH |
| Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. | |||||
| CVE-2022-47648 | 1 Bosch | 2 B420, B420 Firmware | 2024-11-21 | N/A | 7.6 HIGH |
| An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013). | |||||