Vulnerability Description
A Missing Authentication in Critical Function vulnerability in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 families with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Cpp6 Firmware | >= 7.80, < 7.80.0129 |
| Bosch | Cpp6 | - |
| Bosch | Cpp7 Firmware | >= 7.80, < 7.80.0129 |
| Bosch | Cpp7 | - |
| Bosch | Cpp7.3 Firmware | >= 7.80, < 7.80.0129 |
| Bosch | Cpp7.3 | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html (Vendor Advisory)
FAQ
What is CVE-2021-23847?
CVE-2021-23847 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Missing Authentication in Critical Function vulnerability in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted request...
How severe is CVE-2021-23847?
CVE-2021-23847 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-23847?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch Cpp6 Firmware, Bosch Cpp6, Bosch Cpp7 Firmware, Bosch Cpp7, Bosch Cpp7.3 Firmware.