Vulnerability Description
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.
CVSS Score
7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Cpp13 Firmware | <= 8.90 |
| Bosch | Cpp13 | - |
| Bosch | Cpp14 Firmware | >= 8.20, <= 8.81 |
| Bosch | Cpp14 | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/BOSCH-SA-638184-BT.htmlVendor Advisory
- https://psirt.bosch.com/security-advisories/BOSCH-SA-638184-BT.htmlVendor Advisory
FAQ
What is CVE-2023-39509?
CVE-2023-39509 is a vulnerability with a CVSS score of 7.2 (HIGH). A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.
How severe is CVE-2023-39509?
CVE-2023-39509 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-39509?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch Cpp13 Firmware, Bosch Cpp13, Bosch Cpp14 Firmware, Bosch Cpp14.