Unrated severityNVD Advisory· Published Jan 10, 2024· Updated Jun 17, 2025

CVE-2023-48257

Description

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.

Affected products

Rexroth/Nexo Cordless Nutrunner Nxa015s 36v B (0608842006)v5
Range: NEXO-OS V1000-Release
Rexroth/Nexo Cordless Nutrunner Nxa011s 36v B (0608842012)v5
Range: NEXO-OS V1000-Release
Rexroth/Nexo Cordless Nutrunner Nxv012t 36v B (0608842016)v5
Range: NEXO-OS V1000-Release

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

psirt.bosch.com/security-advisories/BOSCH-SA-711465.htmlmitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000