Cpp13 Firmware
CVE-2023-32229
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256.
AnalysisAI
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1246. Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. Affected products include: Bosch Cpp13 Firmware, Bosch Cpp14 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Cpp13 Firmware
View allIn Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected s
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative right
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in t
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interfa
An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that caus
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today