CVE-2015-6970
Published 2020-02-18
Priority P2 66 · critical · 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit available
EPSS: 5.35% (91.6th percentile)
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| boschsecurity | nbn-498_dinion2x_day_night_ip_cameras_firmware | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP GET requests to /rcp.xml with an idstring parameter containing XML metacharacters or unexpected values, indicative of XML injection attempts.
- Identify Bosch Dinion NBN-498 cameras on the network by their HTTP Server banner 'VCS-VideoJet-Webserver' and prioritize them for patching or network isolation.
- The vulnerable endpoint is rcp.xml; any unauthenticated or authenticated GET request to this path with a manipulated idstring parameter should be flagged.
- The exploit was tested on a specific firmware version; detection rules should be scoped to devices running H.264 Firmware 4.54.0026.
- The PoC uses a non-standard port (10004); defenders should scan for Bosch cameras exposed on non-standard ports in addition to ports 80/443.
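The detection guidance above, turned into runnable log-scanning logic. This is an added example, not code from the page's sources or from Bosch: it parses combined-format HTTP access log lines (constructed sample lines, not real camera traffic), flags GET requests to /rcp.xml whose idstring parameter is present, and raises the severity when the decoded value carries XML metacharacters. The alert names, the log format, and the `is_bosch_dinion_banner` helper are this example's own assumptions; the banner string itself is the one the page names.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format) for this example only.
# Line 1: benign-looking idstring; line 2: percent-encoded XML tags; line 3: unrelated
# request; line 4: a quote character that would break out of an XML attribute.
SAMPLE_LOGS = [
    '203.0.113.5 - - [18/Feb/2020:10:00:01 +0000] "GET /rcp.xml?idstring=cam01 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [18/Feb/2020:10:00:02 +0000] "GET /rcp.xml?idstring=%3C%2Fid%3E%3Cinject%3E HTTP/1.1" 200 612 "-" "curl/7.68.0"',
    '203.0.113.9 - - [18/Feb/2020:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [18/Feb/2020:10:00:04 +0000] "GET /rcp.xml?idstring=a%22%20b HTTP/1.1" 200 512 "-" "python-requests/2.22"',
]

# Minimal combined-log parser: source IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters that can terminate or alter an XML element or attribute value.
XML_META = re.compile(r'[<>&"\']')

# Assumed alert names for this example.
ALERT_INJECTION = "rcp_xml_idstring_xml_injection"
ALERT_REQUEST = "rcp_xml_idstring_request"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    return {
        "src": m["src"],
        "ts": m["ts"],
        "method": m["method"],
        "path": parts.path,
        # parse_qs percent-decodes values, so encoded metacharacters are seen decoded.
        "query": parse_qs(parts.query, keep_blank_values=True),
        "status": int(m["status"]),
    }


def classify(rec):
    """Return an alert name for a parsed record, or None if it is not of interest."""
    if rec is None or rec["path"].lower() != "/rcp.xml":
        return None
    values = rec["query"].get("idstring")
    if not values:
        return None
    # Any idstring to rcp.xml is worth flagging; XML metacharacters escalate it.
    if any(XML_META.search(v) for v in values):
        return ALERT_INJECTION
    return ALERT_REQUEST


def scan(lines):
    """Run classify() over log lines; return (alert, source_ip, idstring_value) tuples."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        name = classify(rec)
        if name:
            alerts.append((name, rec["src"], rec["query"]["idstring"][0]))
    return alerts


def is_bosch_dinion_banner(server_header):
    """Asset-identification check on the HTTP Server header named in the IOC list."""
    return "VCS-VideoJet-Webserver" in (server_header or "")


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

The firmware scoping and the non-standard-port note cannot be taken from an access log; pair this with an inventory step that records the Server banner and listening port per host (10004 as well as 80/443) and keep the injection rule at high severity only for hosts confirmed to run the affected firmware.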
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
No writeups or analysis indexed.