CVE-2021-23851
published 2022-03-30


Priority: P343 | Severity: high | CVSS 3.1 score: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.47% (70.4th percentile)
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Affected

70 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bosch | autodome_7000_firmware | | |
| bosch | autodome_ip_4000_hd_firmware | | |
| bosch | autodome_ip_4000i_firmware | | |
| bosch | autodome_ip_5000_hd_firmware | | |
| bosch | autodome_ip_5000_ir_firmware | | |
| bosch | autodome_ip_5000i_firmware | | |
| bosch | autodome_ip_starlight_5000i_firmware | | |
| bosch | autodome_ip_starlight_7000i_firmware | | |
| bosch | aviotec_ip_starlight_8000_firmware | | |
| bosch | cpp_firmware | | |
| bosch | dinion_hd_1080p_firmware | | |
| bosch | dinion_hd_1080p_hdr_firmware | | |
| bosch | dinion_hd_720p_firmware | | |
| bosch | dinion_imager_9000_hd_firmware | | |
| bosch | dinion_ip_3000i_firmware | | |
| bosch | dinion_ip_4000_hd_firmware | | |
| bosch | dinion_ip_5000_hd_firmware | | |
| bosch | dinion_ip_5000_mp_firmware | | |
| bosch | dinion_ip_bullet_4000_firmware | | |
| bosch | dinion_ip_bullet_4000i_firmware | | |
| bosch | dinion_ip_bullet_5000_firmware | | |
| bosch | dinion_ip_bullet_5000_firmware | | |
| bosch | dinion_ip_bullet_5000i_firmware | | |
| bosch | dinion_ip_bullet_6000i_firmware | | |
| bosch | dinion_ip_starlight_6000_firmware | | |

CVSS provenance

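| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |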