Cpp13 Firmware
CVE-2023-39509
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.
AnalysisAI
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. Affected products include: Bosch Cpp13 Firmware, Bosch Cpp14 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Cpp13 Firmware
View allIn Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected s
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in t
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interfa
An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that caus
Same weakness CWE-20 – Improper Input Validation
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today