Vulnerability Description
An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | 360-Indoor Camera Firmware | < 6.52.4 |
| Bosch | 360-Indoor Camera | - |
| Bosch | Eyes Outdoor Camera Firmware | < 6.52.4 |
| Bosch | Eyes Outdoor Camera | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/Advisory/BOSCH-2018-1203.htmlMitigationVendor Advisory
- https://psirt.bosch.com/Advisory/BOSCH-2018-1203.htmlMitigationVendor Advisory
FAQ
What is CVE-2018-20299?
CVE-2018-20299 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthor...
How severe is CVE-2018-20299?
CVE-2018-20299 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-20299?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch 360-Indoor Camera Firmware, Bosch 360-Indoor Camera, Bosch Eyes Outdoor Camera Firmware, Bosch Eyes Outdoor Camera.