CVE-2021-23851 – Buffer Overflow vulnerability in the recovery image web-based interface
https://notcve.org/view.php?id=CVE-2021-23851
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. Un paquete TCP/IP especialmente diseñado puede causar el bloqueo de la interfaz web de la imagen de recuperación de la cámara. También puede causar un desbordamiento del búfer que podría permitir una ejecución de código remota. • https://psirt.bosch.com/security-advisories/bosch-sa-446276-bt.html https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVE-2021-23850 – Buffer Overflow vulnerability in the recovery image telnet server
https://notcve.org/view.php?id=CVE-2021-23850
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. Un paquete TCP/IP especialmente diseñado puede causar el bloqueo de la interfaz telnet de la imagen de recuperación de la cámara. También puede causar un desbordamiento del búfer que podría permitir una ejecución de código remota. • https://psirt.bosch.com/security-advisories/bosch-sa-446276-bt.html https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVE-2020-6769 – Missing Authentication for Critical Function in Bosch Video Streaming Gateway
https://notcve.org/view.php?id=CVE-2020-6769
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. • https://psirt.bosch.com/security-advisories/BOSCH-SA-260625-BT.html • CWE-306: Missing Authentication for Critical Function •
CVE-2019-8952
https://notcve.org/view.php?id=CVE-2019-8952
A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032 ; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032). Una vulnerabilidad de salto de directorio ubicada en el servidor web afecta a varios productos de hardware y software de Bosch. • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0402bt-cve-2019-8952_security_advisory_vrm_path_traversal.pdf https://psirt.bosch.com https://psirt.bosch.com/Advisory/BOSCH-2019-0402.html https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-8951
https://notcve.org/view.php?id=CVE-2019-8951
An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056). Una vulnerabilidad de redirección abierta en el servidor web afecta a varios productos de hardware y software de Bosch. • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0401bt-cve-2019-8951_security_advisory_vrm_open_redirect.pdf https://psirt.bosch.com https://psirt.bosch.com/Advisory/BOSCH-2019-0401.html https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •