Search criteria
6 vulnerabilities found for cpp7 by bosch
VAR-202106-1408
Vulnerability from variot - Updated: 2025-01-30 22:13An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. Bosch IP There is a cross-site scripting vulnerability in the camera.Information may be obtained and information may be tampered with. Bosch IP cameras is a German network camera equipment. Attackers can use this vulnerability to inject malicious scripts or HTML code. When malicious data is viewed, they can obtain sensitive information or hijack user sessions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1408",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp13",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp4",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp4",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7.3",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp13",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp6",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "ip cameras",
"scope": null,
"trust": 0.6,
"vendor": "bosch",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53971"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"db": "NVD",
"id": "CVE-2021-23848"
}
]
},
"cve": "CVE-2021-23848",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-23848",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-53971",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-23848",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@bosch.com",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2021-23848",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-23848",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23848",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@bosch.com",
"id": "CVE-2021-23848",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-23848",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-53971",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-739",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-23848",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53971"
},
{
"db": "VULMON",
"id": "CVE-2021-23848"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-739"
},
{
"db": "NVD",
"id": "CVE-2021-23848"
},
{
"db": "NVD",
"id": "CVE-2021-23848"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. Bosch IP There is a cross-site scripting vulnerability in the camera.Information may be obtained and information may be tampered with. Bosch IP cameras is a German network camera equipment. Attackers can use this vulnerability to inject malicious scripts or HTML code. When malicious data is viewed, they can obtain sensitive information or hijack user sessions. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23848"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"db": "CNVD",
"id": "CNVD-2021-53971"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-23848"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23848",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007993",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-53971",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-739",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-23848",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-53971"
},
{
"db": "VULMON",
"id": "CVE-2021-23848"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-739"
},
{
"db": "NVD",
"id": "CVE-2021-23848"
}
]
},
"id": "VAR-202106-1408",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-53971"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "IP camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-53971"
}
]
},
"last_update_date": "2025-01-30T22:13:21.283000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BOSCH-SA-478243-BT",
"trust": 0.8,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"title": "Patch for Bosch IP cameras cross-site scripting vulnerability (CNVD-2021-53971)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/280721"
},
{
"title": "Bosch IP cameras Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154906"
},
{
"title": "CVE-2021-23848",
"trust": 0.1,
"url": "https://github.com/PwnCast/CVE-2021-23848 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53971"
},
{
"db": "VULMON",
"id": "CVE-2021-23848"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-739"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"db": "NVD",
"id": "CVE-2021-23848"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23848"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070713"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/pwncast/cve-2021-23848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-53971"
},
{
"db": "VULMON",
"id": "CVE-2021-23848"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-739"
},
{
"db": "NVD",
"id": "CVE-2021-23848"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-53971"
},
{
"db": "VULMON",
"id": "CVE-2021-23848"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-739"
},
{
"db": "NVD",
"id": "CVE-2021-23848"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-53971"
},
{
"date": "2021-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23848"
},
{
"date": "2022-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-739"
},
{
"date": "2021-06-09T15:15:08.250000",
"db": "NVD",
"id": "CVE-2021-23848"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-53971"
},
{
"date": "2021-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23848"
},
{
"date": "2022-03-01T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2021-007993"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-739"
},
{
"date": "2021-06-17T19:32:47.260000",
"db": "NVD",
"id": "CVE-2021-23848"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-739"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bosch\u00a0IP\u00a0 Cross-site scripting vulnerability in camera",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007993"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202108-1018
Vulnerability from variot - Updated: 2025-01-30 21:17A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in into the camera. plural Bosch Product Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.72"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.73"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.62"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.61"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.70"
},
{
"model": "aviotec",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.72"
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.60"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.80"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.60"
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.80"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.61"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.72"
},
{
"model": "cpp13",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.75"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.70"
},
{
"model": "aviotec",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.61"
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.61"
},
{
"model": "cpp14",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "8.00"
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.70"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.60"
},
{
"model": "cpp4",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.10"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.80"
},
{
"model": "cpp4",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7.3",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp14",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "aviotec",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp6",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp13",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"db": "NVD",
"id": "CVE-2021-23849"
}
]
},
"cve": "CVE-2021-23849",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-23849",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-23849",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@bosch.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2021-23849",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-23849",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23849",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@bosch.com",
"id": "CVE-2021-23849",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-23849",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-467",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-23849",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-23849"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-467"
},
{
"db": "NVD",
"id": "CVE-2021-23849"
},
{
"db": "NVD",
"id": "CVE-2021-23849"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in into the camera. plural Bosch Product Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23849"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"db": "VULMON",
"id": "CVE-2021-23849"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23849",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009478",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-467",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-23849",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-23849"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-467"
},
{
"db": "NVD",
"id": "CVE-2021-23849"
}
]
},
"id": "VAR-202108-1018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:17:14.522000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BOSCH-SA-033305-BT",
"trust": 0.8,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html"
},
{
"title": "Bosch IP cameras Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159858"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-467"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"db": "NVD",
"id": "CVE-2021-23849"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23849"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-23849"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-467"
},
{
"db": "NVD",
"id": "CVE-2021-23849"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-23849"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-467"
},
{
"db": "NVD",
"id": "CVE-2021-23849"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23849"
},
{
"date": "2022-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-467"
},
{
"date": "2021-08-05T20:15:07.947000",
"db": "NVD",
"id": "CVE-2021-23849"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23849"
},
{
"date": "2022-04-28T06:55:00",
"db": "JVNDB",
"id": "JVNDB-2021-009478"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-467"
},
{
"date": "2021-08-12T16:20:08.337000",
"db": "NVD",
"id": "CVE-2021-23849"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-467"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0\u00a0Bosch\u00a0 Cross-site request forgery vulnerability in product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009478"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-467"
}
],
"trust": 0.6
}
}
VAR-202106-1407
Vulnerability from variot - Updated: 2025-01-30 20:15A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1407",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpp7.3",
"scope": "gte",
"trust": 1.0,
"vendor": "bosch",
"version": "7.80"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.72"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.72"
},
{
"model": "cpp7",
"scope": "gte",
"trust": 1.0,
"vendor": "bosch",
"version": "7.80"
},
{
"model": "cpp6",
"scope": "gte",
"trust": 1.0,
"vendor": "bosch",
"version": "7.80"
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.72"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.70"
},
{
"model": "cpp6",
"scope": "lt",
"trust": 1.0,
"vendor": "bosch",
"version": "7.80.0129"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.70"
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.70"
},
{
"model": "cpp7.3",
"scope": "lt",
"trust": 1.0,
"vendor": "bosch",
"version": "7.80.0129"
},
{
"model": "cpp7",
"scope": "lt",
"trust": 1.0,
"vendor": "bosch",
"version": "7.80.0129"
},
{
"model": "cpp6",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7.3",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"db": "NVD",
"id": "CVE-2021-23847"
}
]
},
"cve": "CVE-2021-23847",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-23847",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-23847",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@bosch.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-23847",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-23847",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23847",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@bosch.com",
"id": "CVE-2021-23847",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-23847",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-738",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-738"
},
{
"db": "NVD",
"id": "CVE-2021-23847"
},
{
"db": "NVD",
"id": "CVE-2021-23847"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23847"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23847",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008249",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070714",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-738",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-738"
},
{
"db": "NVD",
"id": "CVE-2021-23847"
}
]
},
"id": "VAR-202106-1407",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "IP camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:15:48.419000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BOSCH-SA-478243-BT",
"trust": 0.8,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"title": "Bosch IP cameras Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154905"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-738"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for important features (CWE-306) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"db": "NVD",
"id": "CVE-2021-23847"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23847"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070714"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-738"
},
{
"db": "NVD",
"id": "CVE-2021-23847"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-738"
},
{
"db": "NVD",
"id": "CVE-2021-23847"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-738"
},
{
"date": "2021-06-09T15:15:08.187000",
"db": "NVD",
"id": "CVE-2021-23847"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-09T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2021-008249"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-738"
},
{
"date": "2021-06-22T13:36:37.013000",
"db": "NVD",
"id": "CVE-2021-23847"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-738"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bosch\u00a0IP\u00a0 Vulnerability regarding lack of authentication for important functions in cameras",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008249"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202106-1410
Vulnerability from variot - Updated: 2024-08-14 13:07In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. Bosch IP The camera contains an input verification vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Bosch IP cameras are German (Bosch) network cameras.
Bosch IP cameras have an input validation error vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1410",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp13",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp4",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp7.3",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp6",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp4",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp13",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "ip cameras",
"scope": null,
"trust": 0.6,
"vendor": "bosch",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"db": "NVD",
"id": "CVE-2021-23853"
}
]
},
"cve": "CVE-2021-23853",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-23853",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-53973",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-23853",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@bosch.com",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2021-23853",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-23853",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23853",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@bosch.com",
"id": "CVE-2021-23853",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-23853",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-53973",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-742",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-742"
},
{
"db": "NVD",
"id": "CVE-2021-23853"
},
{
"db": "NVD",
"id": "CVE-2021-23853"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. Bosch IP The camera contains an input verification vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Bosch IP cameras are German (Bosch) network cameras. \n\r\n\r\nBosch IP cameras have an input validation error vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23853"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23853",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008248",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-53973",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070709",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-742",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-742"
},
{
"db": "NVD",
"id": "CVE-2021-23853"
}
]
},
"id": "VAR-202106-1410",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53973"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53973"
}
]
},
"last_update_date": "2024-08-14T13:07:39.312000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BOSCH-SA-478243-BT",
"trust": 0.8,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"title": "Patch for Bosch IP cameras input validation error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/280711"
},
{
"title": "Bosch IP cameras Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154909"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-742"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"db": "NVD",
"id": "CVE-2021-23853"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23853"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-742"
},
{
"db": "NVD",
"id": "CVE-2021-23853"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-742"
},
{
"db": "NVD",
"id": "CVE-2021-23853"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"date": "2022-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-742"
},
{
"date": "2021-06-09T15:15:08.377000",
"db": "NVD",
"id": "CVE-2021-23853"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"date": "2022-03-09T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2021-008248"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-742"
},
{
"date": "2021-06-22T13:39:15.130000",
"db": "NVD",
"id": "CVE-2021-23853"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-742"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bosch IP cameras input validation error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53973"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-742"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202106-1411
Vulnerability from variot - Updated: 2024-08-14 12:47An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. Bosch IP There is a cross-site scripting vulnerability in the camera.Information may be obtained and information may be tampered with. Bosch IP cameras are German (Bosch) network cameras. No detailed vulnerability details are currently provided. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.72"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.72"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.62"
},
{
"model": "cpp13",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.75"
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.72"
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.70"
},
{
"model": "cpp13",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.76"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.70"
},
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.62"
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.70"
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": "7.62"
},
{
"model": "cpp13",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp6",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7.3",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "ip cameras",
"scope": "eq",
"trust": 0.6,
"vendor": "bosch",
"version": "7.7*"
},
{
"model": "ip cameras",
"scope": "eq",
"trust": 0.6,
"vendor": "bosch",
"version": "7.6*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"db": "NVD",
"id": "CVE-2021-23854"
}
]
},
"cve": "CVE-2021-23854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-23854",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-53974",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-23854",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@bosch.com",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2021-23854",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-23854",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23854",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@bosch.com",
"id": "CVE-2021-23854",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-23854",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-53974",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-744",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-23854",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"db": "VULMON",
"id": "CVE-2021-23854"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-744"
},
{
"db": "NVD",
"id": "CVE-2021-23854"
},
{
"db": "NVD",
"id": "CVE-2021-23854"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. Bosch IP There is a cross-site scripting vulnerability in the camera.Information may be obtained and information may be tampered with. Bosch IP cameras are German (Bosch) network cameras. No detailed vulnerability details are currently provided. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23854"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-23854"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23854",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007991",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-53974",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070710",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-744",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-23854",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"db": "VULMON",
"id": "CVE-2021-23854"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-744"
},
{
"db": "NVD",
"id": "CVE-2021-23854"
}
]
},
"id": "VAR-202106-1411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53974"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53974"
}
]
},
"last_update_date": "2024-08-14T12:47:19.341000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BOSCH-SA-478243-BT",
"trust": 0.8,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"title": "Patch for Bosch IP cameras cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/280706"
},
{
"title": "Bosch IP cameras Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154911"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-744"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"db": "NVD",
"id": "CVE-2021-23854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23854"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070710"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"db": "VULMON",
"id": "CVE-2021-23854"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-744"
},
{
"db": "NVD",
"id": "CVE-2021-23854"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"db": "VULMON",
"id": "CVE-2021-23854"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-744"
},
{
"db": "NVD",
"id": "CVE-2021-23854"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"date": "2021-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23854"
},
{
"date": "2022-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-744"
},
{
"date": "2021-06-09T15:15:08.437000",
"db": "NVD",
"id": "CVE-2021-23854"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"date": "2021-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23854"
},
{
"date": "2022-03-01T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2021-007991"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-744"
},
{
"date": "2021-06-17T16:47:14.217000",
"db": "NVD",
"id": "CVE-2021-23854"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-744"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bosch IP cameras cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53974"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-744"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202106-1409
Vulnerability from variot - Updated: 2024-08-14 12:04An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS). Bosch IP Cameras are vulnerable to resource depletion.Denial of service (DoS) It may be put into a state. The vulnerability stems from the failure to filter invalid parameters in the URL entered by a user with administrator rights. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1409",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpp7",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp6",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp13",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp7.3",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp4",
"scope": "eq",
"trust": 1.0,
"vendor": "bosch",
"version": null
},
{
"model": "cpp4",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7.3",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp13",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp6",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "cpp7",
"scope": null,
"trust": 0.8,
"vendor": "robert bosch",
"version": null
},
{
"model": "ip cameras",
"scope": null,
"trust": 0.6,
"vendor": "bosch",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"db": "NVD",
"id": "CVE-2021-23852"
}
]
},
"cve": "CVE-2021-23852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-23852",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-53972",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2021-23852",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-007992",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23852",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@bosch.com",
"id": "CVE-2021-23852",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-23852",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-53972",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-741",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-741"
},
{
"db": "NVD",
"id": "CVE-2021-23852"
},
{
"db": "NVD",
"id": "CVE-2021-23852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS). Bosch IP Cameras are vulnerable to resource depletion.Denial of service (DoS) It may be put into a state. The vulnerability stems from the failure to filter invalid parameters in the URL entered by a user with administrator rights. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23852"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"db": "CNVD",
"id": "CNVD-2021-53972"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23852",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007992",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-53972",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070708",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-741",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-741"
},
{
"db": "NVD",
"id": "CVE-2021-23852"
}
]
},
"id": "VAR-202106-1409",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53972"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53972"
}
]
},
"last_update_date": "2024-08-14T12:04:15.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BOSCH-SA-478243-BT",
"trust": 0.8,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"title": "Patch for Bosch IP cameras denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/280716"
},
{
"title": "Bosch IP cameras Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154908"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-741"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"db": "NVD",
"id": "CVE-2021-23852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23852"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070708"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-53972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-741"
},
{
"db": "NVD",
"id": "CVE-2021-23852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-53972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-741"
},
{
"db": "NVD",
"id": "CVE-2021-23852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-53972"
},
{
"date": "2022-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-741"
},
{
"date": "2021-06-09T15:15:08.310000",
"db": "NVD",
"id": "CVE-2021-23852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-53972"
},
{
"date": "2022-03-01T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2021-007992"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-741"
},
{
"date": "2021-06-17T19:17:15.997000",
"db": "NVD",
"id": "CVE-2021-23852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-741"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bosch\u00a0IP\u00a0 Resource depletion vulnerability in camera",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007992"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}