Bosch Security
by Bosch
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-23858 | Hig | 0.56 | 8.6 | 0.01 | Oct 4, 2021 | Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware… | ||
| CVE-2023-48264 | Hig | 0.53 | 8.1 | 0.01 | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | ||
| CVE-2023-48243 | Hig | 0.53 | 8.1 | 0.01 | Jan 10, 2024 | The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root… | ||
| CVE-2023-48249 | Med | 0.42 | 6.5 | 0.01 | Jan 10, 2024 | The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other… | ||
| CVE-2023-48246 | Med | 0.42 | 6.5 | 0.01 | Jan 10, 2024 | The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | ||
| CVE-2023-48242 | Med | 0.42 | 6.5 | 0.01 | Jan 10, 2024 | The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | ||
| CVE-2023-48255 | Med | 0.41 | 6.3 | 0.01 | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the… |
- risk 0.56cvss 8.6epss 0.01
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware…
- risk 0.53cvss 8.1epss 0.01
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
- risk 0.53cvss 8.1epss 0.01
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root…
- risk 0.42cvss 6.5epss 0.01
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other…
- risk 0.42cvss 6.5epss 0.01
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
- risk 0.42cvss 6.5epss 0.01
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
- risk 0.41cvss 6.3epss 0.01
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the…