CVE-2018-19036

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2018-19036
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf Mitigation Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bosch:common_product_platform_4_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:bosch:ip_bullet_4000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_micro_2000_ip:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_micro_2000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_outdoor_5000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_outdoor_5000_mp:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_hd_720p:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_hd_1080p_hdr:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_hd_1080p:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_corner_9000_mp:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:autodome_ip_5000_ir:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:autodome_ip_5000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:tinyon_ip_2000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:mic_ip_dynamic_7000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:ip_2000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:ip_2000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:ip_bullet_5000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_micro_5000_mp:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_micro_5000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_outdoor_4000_ir:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_outdoor_4000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_panormic_5000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:vandal-proof_flexidome_hd_720p:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:vandal-proof_flexidome_hd_1080p_hdr:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:vandal-proof_flexidome_hd_1080p:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:extegra_ip_starlight_9000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:extegra_ip_dynamic_9000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_5000_mp:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_hd_720p:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_hd_1080p_hdr:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_hd_1080p:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:autodome_ip_7000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:autodome_ip_4000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_starlight_7000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:mic_ip_starlight_7000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_indoor_4000_ir:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_indoor_4000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_indoor_5000_mp:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_indoor_5000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_5000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_4000_hd:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_bullet_5000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_bullet_4000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_imager_9000_hd:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:bosch:common_product_platform_6_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:bosch:dinion_ip_starlight_8000_12mp:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_360_iva:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_180:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:aviotec_ip_starlight_8000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_180_iva:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_360:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_ultra_8000_12mp:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_180:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_360:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_360_iva:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_180_iva:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:bosch:common_product_platform_7_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:bosch:dinion_ip_thermal_8000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_starlight_7000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_starlight_6000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_starlight_7000:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_starlight_6000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:bosch:common_product_platform_7.3_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:bosch:flexidome_ip_5000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:flexidome_ip_4000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_bullet_6000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_bullet_5000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:mic_ip_fusion_9000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:autodome_ip_starlight_7000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:autodome_ip_5000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:mic_ip_starlight_7000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:dinion_ip_bullet_4000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:autodome_ip_starlight_5000i:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:autodome_ip_4000i:-:*:*:*:*:*:*:*
Information

Published : 2018-12-17 11:29

Updated : 2019-02-22 11:04

NVD link : CVE-2018-19036

Mitre link : CVE-2018-19036

JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa
Products Affected

bosch

  • dinion_ip_5000_mp
  • mic_ip_dynamic_7000
  • mic_ip_starlight_7000
  • flexidome_ip_panoramic_6000_12mp_180_iva
  • vandal-proof_flexidome_hd_720p
  • autodome_ip_4000_hd
  • autodome_ip_starlight_7000i
  • autodome_ip_5000_ir
  • dinion_ip_ultra_8000_12mp
  • dinion_hd_1080p_hdr
  • dinion_hd_1080p
  • dinion_ip_starlight_8000_12mp
  • flexidome_ip_panoramic_7000_12mp_180_iva
  • flexidome_ip_panoramic_6000_12mp_180
  • dinion_ip_starlight_6000
  • mic_ip_fusion_9000i
  • vandal-proof_flexidome_hd_1080p_hdr
  • flexidome_ip_outdoor_5000_hd
  • ip_2000_hd
  • flexidome_ip_4000i
  • dinion_ip_bullet_6000i
  • flexidome_corner_9000_mp
  • flexidome_ip_indoor_4000_ir
  • flexidome_hd_720p
  • ip_bullet_5000_hd
  • common_product_platform_4_firmware
  • autodome_ip_5000_hd
  • extegra_ip_dynamic_9000
  • flexidome_hd_1080p_hdr
  • mic_ip_starlight_7000i
  • flexidome_ip_panoramic_6000_12mp_360_iva
  • common_product_platform_7_firmware
  • flexidome_ip_starlight_7000
  • dinion_ip_bullet_5000i
  • flexidome_ip_micro_2000_ip
  • flexidome_hd_1080p
  • flexidome_ip_panoramic_6000_12mp_360
  • flexidome_ip_panoramic_7000_12mp_360
  • dinion_ip_thermal_8000
  • dinion_ip_5000_hd
  • flexidome_ip_micro_5000_mp
  • flexidome_ip_indoor_4000_hd
  • dinion_ip_bullet_5000
  • ip_bullet_4000_hd
  • flexidome_ip_panoramic_7000_12mp_360_iva
  • dinion_ip_starlight_7000_hd
  • flexidome_ip_starlight_6000
  • common_product_platform_7.3_firmware
  • flexidome_ip_indoor_5000_hd
  • dinion_imager_9000_hd
  • autodome_ip_4000i
  • vandal-proof_flexidome_hd_1080p
  • extegra_ip_starlight_9000
  • flexidome_ip_panormic_5000
  • dinion_ip_bullet_4000i
  • dinion_ip_4000_hd
  • autodome_ip_5000i
  • autodome_ip_starlight_5000i
  • flexidome_ip_outdoor_4000_ir
  • dinion_hd_720p
  • flexidome_ip_outdoor_5000_mp
  • flexidome_ip_indoor_5000_mp
  • flexidome_ip_5000i
  • dinion_ip_bullet_4000
  • aviotec_ip_starlight_8000
  • common_product_platform_6_firmware
  • dinion_ip_starlight_7000
  • flexidome_ip_micro_5000_hd
  • tinyon_ip_2000
  • ip_2000
  • flexidome_ip_panoramic_7000_12mp_180
  • autodome_ip_7000
  • flexidome_ip_outdoor_4000_hd
  • flexidome_ip_micro_2000_hd