CVE-2021-23849

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in into the camera.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bosch:cpp4_firmware:7.10:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:bosch:cpp6_firmware:7.60:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.80:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:bosch:aviotec_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:aviotec_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:h:bosch:aviotec:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:bosch:cpp7_firmware:7.60:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.80:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:bosch:cpp7.3_firmware:7.60:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.62:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.73:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.80:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:bosch:cpp13_firmware:7.75:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:bosch:cpp14_firmware:8.00:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp14:-:*:*:*:*:*:*:*

Information

Published : 2021-08-05 13:15

Updated : 2021-08-12 09:20


NVD link : CVE-2021-23849

Mitre link : CVE-2021-23849


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

bosch

  • cpp6
  • aviotec
  • cpp13
  • cpp14_firmware
  • cpp4_firmware
  • cpp7_firmware
  • cpp4
  • cpp13_firmware
  • cpp7.3
  • cpp14
  • cpp7
  • cpp6_firmware
  • cpp7.3_firmware
  • aviotec_firmware