Filtered by vendor Bosch
Total: 100 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39509 | 1 Bosch | 4 Cpp13, Cpp13 Firmware, Cpp14 and 1 more | 2024-02-05 | N/A | 7.2 HIGH |
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | |||||
CVE-2023-48254 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 6.1 MEDIUM |
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. | |||||
CVE-2023-48252 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 8.8 HIGH |
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | |||||
CVE-2023-48251 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 9.8 CRITICAL |
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. | |||||
CVE-2023-48265 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 9.8 CRITICAL |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | |||||
CVE-2023-48255 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 6.1 MEDIUM |
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log. | |||||
CVE-2023-48250 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 9.8 CRITICAL |
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. | |||||
CVE-2023-48244 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 6.1 MEDIUM |
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. | |||||
CVE-2023-48247 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 7.5 HIGH |
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
CVE-2023-48243 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 8.8 HIGH |
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. | |||||
CVE-2023-48256 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 6.3 MEDIUM |
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. | |||||
CVE-2023-35867 | 1 Bosch | 20 Onvif Camera Event Driver Tool, Bosch Video Management System, Building Integration System Video Engine and 17 more | 2024-02-05 | N/A | 5.9 MEDIUM |
Improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks. | |||||
CVE-2023-48246 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 6.5 MEDIUM |
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
CVE-2023-48263 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 9.8 CRITICAL |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | |||||
CVE-2023-49722 | 1 Bosch | 6 Bcc101, Bcc101 Firmware, Bcc102 and 3 more | 2024-02-05 | N/A | 6.5 MEDIUM |
Network port 8899 is open in the WiFi firmware of BCC101/BCC102/BCC50 products, which allows an attacker to connect to the device via the same WiFi network. | |||||
CVE-2023-32230 | 1 Bosch | 7 Monitor Wall, Video Recording Manager, Video Streaming Gateway and 4 more | 2024-02-05 | N/A | 7.5 HIGH |
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. | |||||
CVE-2023-48264 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 9.8 CRITICAL |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | |||||
CVE-2023-48253 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 8.8 HIGH |
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts. | |||||
CVE-2023-48249 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 6.5 MEDIUM |
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users. | |||||
CVE-2023-48260 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-05 | N/A | 7.5 HIGH |
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |