CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2023-35867
https://notcve.org/view.php?id=CVE-2023-35867
18 Dec 2023 — An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks. Un manejo inadecuado de paquetes de respuesta API con formato incorrecto para clientes API en productos de software Bosch BT puede permitir que un atacante no autenticado provoque una situación de denegación ... • https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 23EXPL: 0CVE-2020-6769 – Missing Authentication for Critical Function in Bosch Video Streaming Gateway
https://notcve.org/view.php?id=CVE-2020-6769
07 Feb 2020 — Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.... • https://psirt.bosch.com/security-advisories/BOSCH-SA-260625-BT.html • CWE-306: Missing Authentication for Critical Function •