CVE-2021-23849
moderate-risk
Published 2021-08-05
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while logged in to the camera.
Do I need to act?
0.18% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10
High
NETWORK / HIGH complexity
Affected Products (20)
Cpp4 Firmware
Cpp6 Firmware
Cpp6 Firmware
Cpp6 Firmware
Cpp6 Firmware
Aviotec Firmware
Aviotec Firmware
Cpp7 Firmware
Cpp7 Firmware
Cpp7 Firmware
Cpp7 Firmware
Cpp7 Firmware
Cpp7.3 Firmware
Cpp7.3 Firmware
Cpp7.3 Firmware
Cpp7.3 Firmware
Cpp7.3 Firmware
Cpp7.3 Firmware
Cpp7.3 Firmware
Cpp13 Firmware
Affected Vendors
References (2)
43 / 100
moderate-risk
Severity
22/34 · High
Exploitability
1/34 · Minimal
Exposure
20/34 · Moderate