VYPR

Divar IP All In One 5000

by Bosch

CVEs (10)

  • CVE-2023-35867Dec 18, 2023
    risk 0.00cvss epss 0.01

    An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through…

  • CVE-2023-28175Jun 15, 2023
    risk 0.00cvss epss 0.00

    Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.

  • CVE-2021-23862Dec 8, 2021
    risk 0.00cvss epss 0.01

    A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).

  • CVE-2021-23861Dec 8, 2021
    risk 0.00cvss epss 0.01

    By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM…

  • CVE-2021-23860Dec 8, 2021
    risk 0.00cvss epss 0.01

    An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with…

  • CVE-2021-23859Dec 8, 2021
    risk 0.00cvss epss 0.01

    An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the…

  • CVE-2020-6785Mar 25, 2021
    risk 0.00cvss epss 0.00

    Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed…

  • CVE-2020-6768Feb 7, 2020
    risk 0.00cvss epss 0.02

    A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5…

  • CVE-2020-6769Feb 7, 2020
    risk 0.00cvss epss 0.02

    Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability…

  • CVE-2020-6767Feb 6, 2020
    risk 0.00cvss epss 0.01

    A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5…