CVE-2021-23847
published 2021-06-09

CVE-2021-23847: A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings…

Priority: P2 61 | critical | 9.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 1.43% (69.7th percentile)
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bosch | cpp6_firmware | | |
| bosch | cpp6_firmware | | |
| bosch | cpp6_firmware | >= 7.80 < 7.80.0129 | 7.80.0129 |
| bosch | cpp7.3_firmware | | |
| bosch | cpp7.3_firmware | | |
| bosch | cpp7.3_firmware | >= 7.80 < 7.80.0129 | 7.80.0129 |
| bosch | cpp7_firmware | | |
| bosch | cpp7_firmware | | |
| bosch | cpp7_firmware | >= 7.80 < 7.80.0129 | 7.80.0129 |
| bosch | cpp_firmware | | |
| bosch | cpp_firmware | | |
| bosch | cpp_firmware | >= unspecified < 7.80 B128 | 7.80 B128 |

CVSS provenance

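| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |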