Filtered by vendor Bosch Subscriptions
Total 104 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-48249 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 6.5 Medium
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users.
CVE-2023-48248 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 5.5 Medium
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.
CVE-2023-48247 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 5.3 Medium
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
CVE-2023-48246 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 6.5 Medium
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
CVE-2023-48245 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 6.5 Medium
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
CVE-2023-48244 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 5.3 Medium
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.
CVE-2023-48243 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 8.1 High
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.
CVE-2023-48242 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 6.5 Medium
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
CVE-2023-39509 1 Bosch 4 Cpp13, Cpp13 Firmware, Cpp14 and 1 more 2024-11-21 7.2 High
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.
CVE-2023-35867 1 Bosch 20 Onvif Camera Event Driver Tool, Bosch Video Management System, Building Integration System Video Engine and 17 more 2024-11-21 5.9 Medium
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
CVE-2023-34999 1 Bosch 1 Rts Vlink Virtual Matrix 2024-11-21 8.4 High
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface.
CVE-2023-32230 1 Bosch 7 Monitor Wall, Video Recording Manager, Video Streaming Gateway and 4 more 2024-11-21 7.5 High
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
CVE-2023-32229 1 Bosch 17 Autodome 7000i, Autodome 7100 Ir, Autodome Inteox 7000i and 14 more 2024-11-21 4.9 Medium
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256.
CVE-2023-28175 1 Bosch 16 Divar Ip 3000, Divar Ip 3000 Firmware, Divar Ip 4000 and 13 more 2024-11-21 7.1 High
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
CVE-2022-47648 1 Bosch 2 B420, B420 Firmware 2024-11-21 7.6 High
An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013).
CVE-2022-40184 1 Bosch 2 Videojet Multi 4000, Videojet Multi 4000 Firmware 2024-11-21 5.1 Medium
Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option.
CVE-2022-40183 1 Bosch 2 Videojet Multi 4000, Videojet Multi 4000 Firmware 2024-11-21 5.8 Medium
An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user.
CVE-2022-36302 1 Bosch 1 Bf-os 2024-11-21 8.8 High
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.
CVE-2022-36301 1 Bosch 1 Bf-os 2024-11-21 9.8 Critical
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.
CVE-2022-32540 1 Bosch 3 Bosch Video Management System, Videojet Decoder 7513, Videojet Decoder 7513 Firmware 2024-11-21 5.9 Medium
Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.