CVE-2021-23847
Published 2021-06-09
Priority P261 · critical · 9.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 1.43% (69.7th percentile)
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bosch | cpp6_firmware | — | — |
| bosch | cpp6_firmware | — | — |
| bosch | cpp6_firmware | >= 7.80 < 7.80.0129 | 7.80.0129 |
| bosch | cpp7.3_firmware | — | — |
| bosch | cpp7.3_firmware | — | — |
| bosch | cpp7.3_firmware | >= 7.80 < 7.80.0129 | 7.80.0129 |
| bosch | cpp7_firmware | — | — |
| bosch | cpp7_firmware | — | — |
| bosch | cpp7_firmware | >= 7.80 < 7.80.0129 | 7.80.0129 |
| bosch | cpp_firmware | — | — |
| bosch | cpp_firmware | — | — |
| bosch | cpp_firmware | >= unspecified < 7.80 B128 | 7.80 B128 |
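CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |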
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-06-09