CVE-2021-23845

🗓️ 18 Jun 2021 13:38:31Reported by boschType

CVE-2021-23845: Session hijacking vulnerability in web configuration pag

Reporter	Title	Published	Views	Family All 7
CNNVD	Bosch多个产品访问控制错误漏洞	3 Jun 202100:00	–	cnnvd
Cvelist	CVE-2021-23845 B426 Web Configuration Authentication Bypass	18 Jun 202113:38	–	cvelist
EUVD	EUVD-2021-10771	7 Oct 202500:30	–	euvd
NVD	CVE-2021-23845	18 Jun 202114:15	–	nvd
Prion	Design/Logic Flaw	18 Jun 202114:15	–	prion
Tenable Nessus	Bosch Security Systems B426 Conettix Improper Access Control (CVE-2021-23845)	14 Feb 202400:00	–	nessus
Zero Day Initiative	Bosch B426 Web Configuration Use of Hard-coded Password Authentication Bypass Vulnerability	3 Jun 202100:00	–	zdi

NVD

Node

bosch b426_firmwareRange<03.08

AND

bosch b426Match-

Node

bosch b426-cn_firmwareRange<03.08

AND

bosch b426-cnMatch-

Node

bosch b429-cn_firmwareRange<03.08

AND

bosch b429-cnMatch-

Node

bosch b426-m_firmwareRange<03.10

AND

bosch b426-mMatch-

[
  {
    "product": "B426 Firmware",
    "vendor": "Bosch",
    "versions": [
      {
        "lessThan": "03.08",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "B426-CN/B429- CN Firmware",
    "vendor": "Bosch",
    "versions": [
      {
        "lessThan": "03.08",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "B426-M Firmware",
    "vendor": "Bosch",
    "versions": [
      {
        "lessThan": "03.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
psirt	www.psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html

21 Nov 2024 05:51Current

8.3High risk

Vulners AI Score8.3

CVSS 26.8

CVSS 3.18 - 8.8

EPSS0.00285

CWE-284