Smart Home Controller Firmware
CVE-2019-11895
MEDIUM
Severity by source
AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.
AnalysisAI
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction. Affected products include: Bosch Smart Home Controller Firmware. Version information: before 9.8.905.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (S
A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Con
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Ho
A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today