Bosch

All CVEs

72 total · sorted by risk
  • CVE-2020-6781 · Sep 16, 2020
    risk 0.00 · cvss · epss 0.00

    Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows an attacker to intercept video contents by performing a man-in-the-middle attack.

  • CVE-2020-6774 · May 27, 2020
    risk 0.00 · cvss · epss 0.00

    Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.

  • CVE-2020-6768 · Feb 7, 2020
    risk 0.00 · cvss · epss 0.02

    A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5…

  • CVE-2020-6769 · Feb 7, 2020
    risk 0.00 · cvss · epss 0.02

    Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability…

  • CVE-2020-6767 · Feb 6, 2020
    risk 0.00 · cvss · epss 0.01

    A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5…

  • CVE-2019-11603 · Aug 21, 2019
    risk 0.00 · cvss · epss 0.02

    An HTTP traversal attack in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the HTTP root.

  • CVE-2019-11602 · Aug 21, 2019
    risk 0.00 · cvss · epss 0.01

    Leakage of stack traces in remote access to backup & restore in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.

  • CVE-2019-11601 · Aug 21, 2019
    risk 0.00 · cvss · epss 0.03

    A directory traversal vulnerability in remote access to backup & restore in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.

  • CVE-2019-11897 · Aug 21, 2019
    risk 0.00 · cvss · epss 0.02

    A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially…

  • CVE-2019-11896 · May 29, 2019
    risk 0.00 · cvss · epss 0.01

    A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary…

  • CVE-2019-11895 · May 29, 2019
    risk 0.00 · cvss · epss 0.01

    A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the…

  • CVE-2019-11894 · May 29, 2019
    risk 0.00 · cvss · epss 0.01

    A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup…

  • CVE-2019-11893 · May 29, 2019
    risk 0.00 · cvss · epss 0.00

    A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary…

  • CVE-2019-11892 · May 29, 2019
    risk 0.00 · cvss · epss 0.01

    A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the…

  • CVE-2019-11891 · May 29, 2019
    risk 0.00 · cvss · epss 0.01

    A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs…

  • CVE-2019-6957 · May 29, 2019
    risk 0.00 · cvss · epss 0.02

    A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with…

  • CVE-2019-6958 · May 29, 2019
    risk 0.00 · cvss · epss 0.02

    A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy…

  • CVE-2019-8952 · May 13, 2019
    risk 0.00 · cvss · epss 0.01

    A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR…

  • CVE-2019-8951 · May 13, 2019
    risk 0.00 · cvss · epss 0.01

    An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10;…

  • CVE-2019-7728 · Feb 22, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not…

  • CVE-2019-7729 · Feb 22, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not…

  • CVE-2018-20299 · Dec 19, 2018
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there…

Page 2 of 2